# Copyright (c) 2014-2022 Maltrail developers (https://github.com/stamparm/maltrail/) # See the file 'LICENSE' for copying permission # Aliases: Emotet, Heodo, Geodo # Reference: https://twitter.com/_lockhum/status/1221213324525867008 66.210.228.178:443 66.210.228.178:80 # Reference: https://twitter.com/_lockhum/status/1221245124707078144 50.252.121.146:85 dvr.petcp.com # Reference: https://twitter.com/500mk500/status/1221353819059167233 116.247.95.206:443 116.247.95.206:80 # Reference: https://twitter.com/500mk500/status/1221354099058401280 77.230.243.54:75 1c26.dyndns.org # Reference: https://twitter.com/500mk500/status/1221355282971942914 217.77.171.230:8090 # Reference: https://twitter.com/500mk500/status/1221355851795046400 186.52.202.49:1216 vigilantepadre.dvrdns.org # Reference: https://twitter.com/500mk500/status/1221359005655805953 201.159.153.38:8080 geracaokids.jflddns.com.br # Reference: https://twitter.com/500mk500/status/1221360316740775937 190.158.245.105:9022 # Reference: https://twitter.com/_lockhum/status/1221620873779609602 158.255.30.100:443 158.255.30.100:80 # Reference: http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Win32/Emotet#tab=2 # Reference: http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Spammer:Win32/Cetsiol.A#tab=2 # Reference: http://www.securityhome.eu/malware/malware.php?mal_id=1193064972549a82b0400072.08119525 ajeyftrjqeashgda.mobi bardubar.com cryspellingslaveseducation.eu distrbilko.pw labamito.ru likesomessfortelr.eu mail.ps4hacked.es naimjax.ru qwuyegasd3edarq6yu.org thehappylattersforallpeopleoftheworld.eu usportrock.ru www6067ug.sakura.ne.jp # Reference: https://pastebin.com/csipUv2z http://regionsnews.net/OEqhU8Lg5 http://barcounterstools.info/gwzel4FlN0 http://latemia.com.br/obrqY699Rj http://bestofcareer.com/clwPPAOykd http://reelcreations.ie/KAqmCDJk http://seaweldci.com/ADR http://seilanithih.com.kh/Rfg0JO1 http://sunflowerschoolandcollege.com/ibb/papkaa17/OWFktY http://dealtimer.com/AsIn9 http://abujarealproperties.com/fl http://zippyrooter.com/lvUg6HFdC http://puntoyaparteseguros.com/B9P3zyHmix http://fastinternet.net.au/WDnndUN http://mebel-m.com.ua/HuvTFu8 http://tomas.datanom.fi/testlab/YHMLRXJ http://aliu-rdc.org/QwWKYJxM http://2idiotsandnobusinessplan.com/wC7 http://7naturalessences.com/DFaSvtrS http://hostmktar.com/mP http://benimdunyamkres.com/v0vig1G1 http://alpharockgroup.com/HT http://adminflex.dk/l5TF6w http://gailong.net/X5AyWfJG http://shunji.org/logsite/TJaaB http://binar48.ru/OtTlVIU5 http://tonda.us/nK8Gqwgp8 http://acejapan.net/gTFikCcVIF http://www.finspangonline.se/qpSw0SD http://yazilimextra.com/jHQNAQVM9 http://tpms.net.pl/gXJTQL6qMO http://ysd63.com/xw0jDX http://exclusiv-residence.ro/IuWn6 http://leizerstamp.ir/zqiQcpE http://firstchoicetrucks.net/kCV0l http://olsenelectric.com/zVz4iwC # Reference: https://www.malware-traffic-analysis.net/2018/08/16/index2.html theeunload.website mykeeptake.xyz # Reference: https://www.virustotal.com/#/domain/bizercise.top bizercise.top # Reference: https://blog.talosintelligence.com/2019/03/threat-roundup-for-mar-01-to-mar-08.html (Doc.Downloader.Emotet-6878774-0) uka.me woelf.in # Reference: https://twitter.com/Cryptolaemus1/status/1113429409946644480 # Reference: https://pastebin.com/raw/DZd2628u 192.186.96.125:8080 83.110.216.26:8443 189.159.103.149:8080 200.126.225.56:8080 189.190.169.221:7080 104.236.135.119:8080 162.243.125.212:8080 217.13.106.160:7080 5.230.147.179:8080 64.13.225.150:8080 94.76.200.114:8080 212.122.71.196:995 174.93.130.148:8443 181.92.117.141:993 133.242.156.30:7080 91.92.191.134:8080 63.77.201.245:443 69.198.17.7:8080 181.39.51.243:993 27.130.153.101:53 187.189.195.208:8443 174.106.108.31:80 60.49.36.149:50000 70.57.82.196:80 62.75.187.192:8080 95.128.43.213:8080 73.217.113.111:80 87.106.139.101:8080 211.63.71.72:8080 173.255.250.241:443 190.161.186.116:80 178.62.37.188:443 175.100.138.82:22 201.220.152.101:80 208.78.100.202:8080 167.114.210.191:8080 204.184.25.150:143 184.22.6.124:7080 45.33.49.124:443 201.152.34.208:995 85.104.59.244:20 103.12.133.7:8080 203.210.237.200:993 87.106.210.123:80 45.123.3.54:443 173.255.196.209:8080 138.201.140.110:8080 78.186.5.109:443 105.101.6.219:8080 186.4.234.27:443 83.222.124.62:8080 187.198.57.250:7080 147.135.210.39:8080 24.63.218.229:80 50.31.0.160:8080 67.205.149.117:443 # Reference: https://twitter.com/makflwana/status/1085118389633175555 87.207.58.148:20 # Reference: https://twitter.com/pollo290987/status/1114007607352725504 103.12.133.7:8080 104.2.2.153:8080 104.236.135.119:8080 104.236.24.85:443 105.101.6.219:8080 105.225.191.133:80 106.51.237.174:50000 109.104.79.48:8080 109.73.52.242:8080 110.169.107.239:443 114.79.191.12:20 115.254.91.178:7080 115.74.214.134:443 120.63.130.239:465 125.99.106.225:80 133.242.156.30:7080 136.49.87.106:80 138.201.140.110:8080 138.68.139.199:443 139.59.19.157:80 144.76.117.247:8080 147.135.210.39:8080 154.120.228.126:8080 162.243.125.212:8080 165.227.213.173:8080 167.114.210.191:8080 171.101.196.138:80 173.255.196.209:8080 173.255.250.241:443 174.106.108.31:80 174.93.130.148:8443 175.100.138.82:22 176.58.93.123:8080 178.62.37.188:443 179.8.124.11:443 181.118.101.22:8080 181.15.177.100:443 181.16.4.180:80 181.170.252.83:80 181.170.93.38:8080 181.39.51.243:993 181.44.231.127:443 181.56.165.97:53 181.92.117.141:993 182.176.184.81:22 183.82.1.142:7080 184.160.113.4:993 184.22.6.124:7080 184.95.192.237:80 185.191.177.79:143 185.86.148.222:8080 186.139.160.193:8080 186.4.234.27:443 187.153.103.175:443 187.189.195.208:8443 187.189.210.143:80 187.198.57.250:7080 187.228.144.250:143 187.234.36.129:8443 188.51.153.187:993 189.148.145.183:50000 189.150.218.69:8080 189.156.223.10:20 189.159.103.149:8080 189.186.208.24:8443 189.190.169.221:7080 189.208.239.98:443 189.222.167.65:20 189.252.110.239:443 189.252.15.206:443 190.0.32.206:8080 190.104.229.114:8090 190.117.206.153:443 190.117.82.103:443 190.128.26.2:80 190.146.86.180:443 190.15.198.47:80 190.161.186.116:80 190.18.153.249:80 190.18.219.56:443 190.185.241.151:443 190.186.70.146:21 190.230.219.95:20 190.35.109.41:990 190.36.237.47:8443 190.96.118.53:443 190.97.219.241:80 192.155.90.90:7080 192.163.199.254:8080 192.186.96.125:8080 192.228.158.238:443 197.248.67.226:8080 197.88.12.80:53 200.114.142.40:8080 200.125.190.126:8080 200.126.225.56:8080 201.110.165.146:8443 201.138.11.223:8080 201.146.85.239:22 201.152.34.208:995 201.152.64.25:20 201.165.102.49:443 201.170.241.239:8080 201.220.152.101:80 201.236.95.82:80 201.239.154.191:443 201.97.91.217:443 203.210.237.200:993 204.138.46.166:7080 204.184.25.150:143 208.180.246.147:80 208.78.100.202:8080 209.159.244.240:443 210.2.86.72:8080 211.105.238.226:80 211.63.71.72:8080 212.122.71.196:995 212.31.106.90:22 216.221.73.45:443 217.13.106.160:7080 217.165.84.16:7080 217.165.84.98:20 219.94.254.93:8080 23.254.203.51:8080 24.137.254.148:80 24.63.218.229:80 2.50.4.159:443 27.130.153.101:53 37.209.252.121:80 41.227.243.107:80 41.71.19.150:80 43.229.62.186:8080 45.123.3.54:443 45.33.49.124:443 47.202.17.6:80 50.250.136.225:80 50.31.0.160:8080 51.255.50.164:8080 5.230.147.179:8080 5.9.128.163:8080 59.91.30.53:443 60.49.36.149:50000 61.2.56.167:80 62.75.143.100:7080 62.75.187.192:8080 63.77.201.245:443 64.13.225.150:8080 66.115.90.48:80 66.209.69.165:443 67.205.149.117:443 67.206.210.18:80 67.241.81.253:8443 68.191.37.107:80 69.163.33.82:8080 69.198.17.7:8080 70.184.8.94:80 70.57.82.196:80 71.11.157.249:80 72.47.248.48:8080 73.217.113.111:80 74.36.4.206:80 78.186.5.109:443 80.82.62.9:443 81.134.59.36:8080 81.22.137.186:8080 82.226.163.9:80 82.73.220.225:80 83.110.216.26:8443 83.110.80.67:22 83.222.124.62:8080 85.104.184.242:8080 85.104.59.244:20 87.106.139.101:8080 87.106.210.123:80 88.254.240.194:80 89.188.124.145:443 89.211.193.18:80 91.205.215.57:7080 91.92.191.134:8080 92.154.101.154:50000 92.48.118.27:8080 94.250.55.138:443 94.76.200.114:8080 95.128.43.213:8080 95.42.189.34:443 96.64.191.13:80 99.243.127.236:80 # Reference: https://twitter.com/ozuma5119/status/1123474884221382656 http://117.196.47.110/teapot/badge/ringin/merge/ # Reference: https://twitter.com/ozuma5119/status/1127619333444730886 tamsuamy.com 66.84.11.168:8080 # Reference: https://twitter.com/P3pperP0tts/status/1135976656751996928 142.4.198.249:7080 162.243.125.212:8080 170.150.11.245:8080 # Reference: https://twitter.com/bry_campbell/status/1164689134012833792 # Reference: https://pastebin.com/raw/7Kq2e1ik 104.131.11.150:8080 104.131.208.175:8080 104.236.151.95:7080 142.93.88.16:443 144.139.247.220:80 159.89.179.87:7080 162.144.119.216:8080 162.243.125.212:8080 170.150.11.245:8080 176.31.200.130:8080 177.242.214.30:80 187.163.180.243:22 195.242.117.231:8080 216.98.148.156:8080 217.13.106.160:7080 31.12.67.62:7080 45.123.3.54:443 45.32.158.232:7080 46.101.142.115:8080 46.105.131.69:443 64.13.225.150:8080 69.45.19.145:8080 70.32.84.74:8080 75.127.14.170:8080 91.83.93.103:7080 # Reference: https://www.virustotal.com/gui/file/09007a7ee335c0556b4a519596b589f55a0451ac540d5bbfd009f58bd9cdeb69/detection # Reference: https://app.any.run/tasks/f78c73cb-c3b2-4ea1-a50e-187a3545eb57/ 176.113.82.144:443 realty4rent.hk # Reference: https://app.any.run/tasks/1c298a26-6a84-425f-bc1e-d37438a3ef58/ /guids/xian/ringin/ # Reference: https://twitter.com/MalwareBlueTeam/status/1171447070307188738 # Reference: https://app.any.run/tasks/ad2a8ad2-884e-4971-93bb-628305633af7/ cwbsa.org greatvacationgiveaways.com ulukantasarim.com # Reference: https://twitter.com/JAMESWT_MHT/status/1173526753308020736 # Reference: https://app.any.run/tasks/d488ee5e-8fac-47b1-b60c-56a6e39dbd89/ 179.24.118.93:990 190.55.39.215:80 190.55.86.138:8443 /ringin/usbccid/ # Reference: https://twitter.com/reecdeep/status/1173858862467883008 179.12.170.88:8080 /ringin/merge/ # Reference: https://twitter.com/Paladin3161/status/1173758599442468864 alldc.pw dentalsearchsolutions.com dywanypers.pl keqiang.pro playasrivieramaya.com # Reference: https://twitter.com/SethKingHi/status/1173825828053872641 139.59.242.76:8080 149.202.153.251:8080 159.69.211.211:7080 181.230.126.152:8090 190.13.146.47:443 190.92.103.7:80 192.241.175.184:8080 203.150.19.63:443 216.154.222.52:7080 69.164.216.124:8080 93.78.205.196:443 # Reference: https://twitter.com/killamjr/status/1173960346572378112 59055.cn larissalinhares.com.br robotechcity.com toptarotist.nl xinlou.info # Reference: https://twitter.com/lazyactivist192/status/1173983779981012994 # Reference: https://pastebin.com/ya09DEzC 103.97.95.218:143 104.131.11.150:8080 104.236.246.93:8080 109.104.79.48:8080 109.169.86.13:8080 117.197.124.36:443 123.168.4.66:22 136.243.177.26:8080 138.201.140.110:8080 138.68.106.4:7080 142.44.162.209:8080 144.139.247.220:80 149.202.153.252:8080 149.62.173.247:8080 151.80.142.33:80 159.203.204.126:8080 159.65.241.220:8080 159.65.25.128:8080 162.243.125.212:8080 169.239.182.217:8080 173.212.203.26:8080 175.100.138.82:22 177.246.193.139:20 178.254.6.27:7080 178.62.37.188:443 178.79.161.166:443 178.79.163.131:8080 179.32.19.219:22 179.62.18.56:443 181.143.53.227:21 181.188.149.134:80 181.36.42.205:443 181.81.143.108:80 182.176.106.43:995 182.176.132.213:8090 182.76.6.2:8080 183.82.97.25:80 183.87.87.73:80 185.129.92.210:7080 185.86.148.222:8080 185.94.252.13:443 186.4.172.5:443 186.4.172.5:8080 186.4.194.153:993 186.83.133.253:8080 187.155.233.46:443 187.188.166.192:80 188.166.253.46:8080 189.209.217.49:80 190.1.37.125:443 190.117.206.153:443 190.145.67.134:8090 190.186.203.55:80 190.19.42.131:80 190.200.64.180:7080 190.221.50.210:8080 190.226.44.20:21 190.230.60.129:80 190.53.135.159:21 198.199.106.229:8080 198.199.88.162:8080 200.21.90.6:8080 200.57.102.71:8443 200.58.171.51:80 201.163.74.202:443 201.212.57.109:80 201.250.11.236:50000 203.25.159.3:8080 206.189.98.125:8080 211.63.71.72:8080 212.71.234.16:8080 217.113.27.158:443 217.160.182.191:8080 217.199.175.216:8080 222.214.218.192:8080 23.92.22.225:7080 31.12.67.62:7080 31.172.240.91:8080 37.157.194.134:443 37.208.39.59:7080 41.220.119.246:80 45.123.3.54:443 45.33.49.124:443 46.105.131.87:80 46.21.105.59:8080 46.29.183.211:8080 5.196.35.138:7080 5.77.13.70:80 59.152.93.46:443 62.210.142.58:8080 62.75.143.100:7080 62.75.187.192:8080 64.13.225.150:8080 75.127.14.170:8080 77.245.101.134:8080 77.55.211.77:8080 78.188.105.159:21 78.24.219.147:8080 79.127.57.42:80 79.143.182.254:8080 80.85.87.122:8080 81.169.140.14:443 85.104.59.244:20 86.42.166.147:80 86.98.25.30:53 87.106.136.232:8080 87.106.139.101:8080 87.230.19.21:8080 88.156.97.210:80 88.250.223.190:8080 89.188.124.145:443 91.205.215.57:7080 91.205.215.66:8080 91.83.93.103:7080 91.83.93.124:7080 91.92.191.134:8080 92.222.125.16:7080 92.222.216.44:8080 94.205.247.10:80 95.128.43.213:8080 # Reference: https://blog.malwarebytes.com/botnets/2019/09/emotet-malspam-campaign-uses-snowdens-new-book-as-lure/ # Reference: https://otx.alienvault.com/pulse/5d8a324eb4ec65a6ab67f511 62.75.171.248:7080 cia.com.py # Reference: https://twitter.com/reecdeep/status/1179310971761901570 # Reference: https://pastebin.com/stDdCGt8 80.240.141.141:7080 /child/free/ringin/ # Reference: https://www.virustotal.com/gui/file/985c26006ec5b38ff8c77239ccd33f1019918282c4cb50e541a58bcf8267d7bd/detection 67.225.229.55:8080 # Reference: https://paste.cryptolaemus.com/emotet/2019/09/26/emotet-malware-IoCs_09-26-19.html 109.104.79.48:8080 109.169.86.13:8080 114.79.134.129:443 119.159.150.176:443 119.59.124.163:8080 119.92.51.40:8080 123.168.4.66:22 138.68.106.4:7080 139.5.237.27:443 149.62.173.247:8080 151.80.142.33:80 159.203.204.126:8080 170.84.133.72:7080 170.84.133.72:8443 178.249.187.151:8080 178.79.163.131:8080 179.62.18.56:443 181.123.0.125:80 181.167.53.209:80 181.188.149.134:80 181.230.212.74:80 181.36.42.205:443 183.82.97.25:80 184.69.214.94:20 185.187.198.10:8080 185.86.148.222:8080 186.0.95.172:80 186.83.133.253:8080 187.155.233.46:443 187.188.166.192:80 187.199.158.226:443 187.199.158.226:7080 187.235.239.214:8080 189.166.68.89:443 189.187.141.15:50000 190.1.37.125:443 190.104.253.234:990 190.117.206.153:443 190.158.19.141:80 190.200.64.180:7080 190.221.50.210:8080 190.230.60.129:80 190.230.60.129:8080 190.38.14.52:80 200.21.90.6:8080 200.57.102.71:8443 200.58.171.51:80 201.163.74.202:443 201.184.65.229:80 201.214.74.71:80 203.25.159.3:8080 211.229.116.97:80 212.71.237.140:8080 217.113.27.158:443 217.199.160.224:8080 217.199.175.216:8080 23.92.22.225:7080 46.163.144.228:80 46.21.105.59:8080 46.28.111.142:7080 46.29.183.211:8080 46.41.134.46:8080 46.41.151.103:8080 5.196.35.138:7080 5.77.13.70:80 50.28.51.143:8080 51.15.8.192:8080 62.75.143.100:7080 62.75.160.178:8080 71.244.60.230:7080 71.244.60.231:7080 77.245.101.134:8080 77.55.211.77:8080 79.143.182.254:8080 80.240.141.141:7080 80.85.87.122:8080 81.169.140.14:443 86.42.166.147:80 87.106.77.40:7080 88.250.223.190:8080 89.188.124.145:443 91.205.215.57:7080 91.83.93.124:7080 66.228.32.31:443 198.50.170.27:8080 216.98.148.157:8080 101.187.237.217:20 103.255.150.84:80 103.97.95.218:143 104.131.11.150:8080 104.236.246.93:8080 119.15.153.237:80 136.243.177.26:8080 138.201.140.110:8080 142.44.162.209:8080 144.139.247.220:80 149.167.86.174:990 149.202.153.252:8080 159.65.25.128:8080 162.144.47.94:7080 169.239.182.217:8080 173.212.203.26:8080 177.246.193.139:20 178.254.6.27:7080 178.79.161.166:443 179.32.19.219:22 180.183.112.185:21 181.143.194.138:443 181.143.53.227:21 182.176.106.43:995 182.176.132.213:8090 182.76.6.2:8080 185.142.236.163:443 185.94.252.13:443 186.4.172.5:443 186.4.172.5:8080 186.75.241.230:80 187.144.189.58:50000 188.166.253.46:8080 189.209.217.49:80 190.106.97.230:443 190.108.228.48:990 190.145.67.134:8090 190.18.146.70:80 190.186.203.55:80 190.211.207.11:443 190.226.44.20:21 190.228.72.244:53 190.53.135.159:21 199.19.237.192:80 200.21.90.6:80 200.71.148.138:8080 201.251.43.69:8080 206.189.98.125:8080 211.63.71.72:8080 212.129.24.82:8080 212.71.234.16:8080 217.145.83.44:80 217.160.182.191:8080 222.214.218.192:8080 24.51.106.145:21 27.147.163.188:8080 31.12.67.62:7080 31.172.240.91:8080 37.157.194.134:443 41.220.119.246:80 45.123.3.54:443 45.33.49.124:443 46.105.131.87:80 47.41.213.2:22 5.196.74.210:8080 62.75.187.192:8080 63.142.253.122:8080 77.237.248.136:8080 78.188.105.159:21 78.24.219.147:8080 80.11.163.139:21 80.11.163.139:443 83.136.245.190:8080 85.104.59.244:20 85.106.1.166:50000 86.98.25.30:53 87.106.136.232:8080 87.106.139.101:8080 87.230.19.21:8080 88.156.97.210:80 88.247.163.44:80 91.205.215.66:8080 92.222.125.16:7080 92.222.216.44:8080 94.205.247.10:80 95.128.43.213:8080 46.105.131.69:443 176.31.200.130:8080 104.131.58.132:8080 108.179.216.46:8080 110.36.234.146:80 113.52.135.33:7080 115.88.70.226:7080 125.99.61.162:7080 138.197.140.163:8080 139.59.242.76:8080 143.95.101.72:8080 148.240.52.172:80 152.170.220.95:80 162.214.27.219:7080 162.241.232.82:8080 176.58.93.123:80 178.249.187.150:7080 179.62.18.56:443 181.113.229.139:990 181.165.150.211:143 181.230.126.152:8090 181.55.171.237:8080 186.10.16.244:53 186.117.174.26:80 186.29.155.101:50000 186.93.167.147:443 190.117.206.153:443 190.13.146.47:443 190.55.39.215:80 190.55.86.138:8443 190.92.103.7:80 190.96.118.15:443 194.50.163.106:8080 197.211.244.6:443 200.114.134.8:20 201.244.125.210:995 203.150.19.63:443 216.154.222.52:7080 216.70.88.55:8080 41.60.202.26:22 45.33.1.161:8080 46.32.229.152:8080 5.189.148.98:8080 51.38.134.203:8080 70.45.30.28:80 78.109.34.178:443 83.169.33.157:8080 93.78.205.196:443 94.177.253.126:80 178.32.255.133:443 198.46.150.196:7080 # Reference: https://paste.cryptolaemus.com/emotet/2019/09/26/emotet-malware-IoCs_09-26-19.html tamariaclinic.com/blog/po22/ a3infra.com/config.charge/92/ kairod.com/4rvg/fg19/ weifanhao.com/wp-admin/mm6zz6158/ aladilauto.com/wp-admin/o273wu4/ marchekit.com/wp-admin/oaxj1/ matteogiovanetti.com/wp-admin/264/ fntc-test.xcesslogic.com/wp-content/3b7s9209/ m.alahmads.com/wordpress/h5ut582/ ejob.magnusideas.com/cgi-bin/i5834/ otc-manila.com/wp-admin/q2zht7567/ mti.shipindia.com/wp-admin/css/21nd31328/ wisdomabc.com/css/wm8fu9190/ reportingnew.xyz/wordpress/3f0880/ metaphysicalhub.com/bkp_08092019/9nvo876799/ gg4.devs-group.com/amdcwdp/YPRqWcJFaE/ tlbplanning.org/wp-admin/KqrBgDoSq/ eternalsea.cn/qfpka0q/tPeJNBsE/ banglaay.com/wp-includes/VRVWLAbrjy/ shizizmt.com/jr/633mjf4w8_54d4cu-209964833/ aplikasi.bangunrumah-kita.com/b8kee0mj/0m3l_clo7kkcub-76/ altaikawater.com/wp-admin/4jh8s_sxm6m3eec-441/ antoinegimenez.com/css/hUgHbaEf/ auto-moto-ecole-vauban.fr/wp-admin/ww42_lwln3c-1236328628/ avant2017.amsi-formations.com/prog/skzHGQddV/ cheaptrainticket.cogbiz-infotech.com/cgi-bin/9vsx4g6l_p5x29co-43731795/ gsfcloud.com/fir/qx88b0qgfq_tdpfmobexf-881829012/ fabiogutierrez.com.br/loja/bEZYtLkJGj/ gruasasuservicio.com/cgi-bin/YdFmLIEsIB/ itf.palemiya.com/wp-includes/IIswblOCV/ moda.9l.pl/calendar/HugncgqxUR/ sweetmagazine.org/wp-admin/z0jxuhjao_n6me674y8i-3862/ precisieving.com/wp-admin/db090yl5_bwwmv-86392/ ucomechina.com/wp-content/aVMBsBCy/ your-event.es/mailin/OgXcBNiq/ lensakaca21.com/wp-admin/dBfxiIyp/ ithync.net/wp-includes/tyyYyGS/ blog.coopealbaterense.es/wp-admin/dnf3-nl9qg-869655/ lumiinx.eu/inc/prevents/addtosavedlist/nStxFTJB/ lupusvibes.ca/wp-admin/jnmvgio-dsl-6986784805/ cielouvert.fr/syvhqw1/nkch-nzf59az7e-99571/ demo.magerase.co.uk/wp-admin/wKpBbWmF/ accountingtoindia.com/fhsao/txsp1-fcy9gfh-11178860/ diawan.club/wordpress/ZnbSfWu/ lelecars.it/wp-admin/khrufjms-sijs5jz1e3-532825/ notiwebs.xyz/wordpress/vBfQVN/ ocstudio.tv/wp-admin/qWhNBtEM/ dulich.goasiatravel.com/wp-admin/mCXZnnARx/ www.hellotech.io/fivestar/vHYxCPeDd/ hospitalitysource.co.uk/test/lohXuP/ mobasara13.zahidulzibon.com/hyi/iGIuWmPa/ munishjindal.com/wp-content/tIZtULuZv/ cowabungaindustries.com/cgi-bin/hv3g9x-hkzj-9002618725/ sgiff.com/css/ixuc3k-wus7v022j-4995897081/ thesafeplace.net/wp/AsHrwMT/ # Reference: https://twitter.com/BarryShooshooga/status/1182535664643923968 mayurpai.com mastersjarvis.com nyc.rekko.com lagriffeduweb.com onickdoorsonline.com # Reference: https://any.run/report/06f1f3ab993e994fe2b14126c50f009854081f55e52e26d5f0e2a325c5c5280f/e304cf8f-c3e5-4c03-a37d-2eb47266e450 offmaxindia.com # Reference: https://github.com/silence-is-best/c2db#emotet 69.162.169.173:8080 # Reference: https://twitter.com/D3LabIT/status/1182633589764165640 # Reference: https://app.any.run/tasks/e6e252dc-6a94-4e61-ae21-a581beee5114/ # Reference: https://pastebin.com/zKBnkxqq http://110.36.234.146 http://191.82.16.60 91.83.93.105:8080 110.36.234.146:80 191.82.16.60:80 91.83.93.105:8080 216.98.148.181:8080 68.183.190.199:8080 190.230.60.129:80 183.82.97.25:80 114.79.134.129:443 89.188.124.145:443 178.79.163.131:8080 76.69.29.42:80 87.106.77.40:7080 178.249.187.151:8080 62.75.143.100:7080 201.163.74.202:443 62.75.160.178:8080 181.188.149.134:80 186.0.95.172:80 217.199.160.224:8080 203.25.159.3:8080 189.160.49.234:8443 190.104.253.234:990 71.244.60.230:7080 159.203.204.126:8080 71.244.60.231:7080 142.93.82.57:8080 46.41.151.103:8080 138.68.106.4:7080 5.1.86.195:8080 149.62.173.247:8080 170.84.133.72:7080 190.230.60.129:8080 190.97.30.167:990 190.85.152.186:8080 200.58.171.51:80 51.15.8.192:8080 190.158.19.141:80 91.83.93.124:7080 139.5.237.27:443 123.168.4.66:22 81.169.140.14:443 187.188.166.192:80 212.71.237.140:8080 186.1.41.111:443 77.245.101.134:8080 181.29.101.13:8080 181.44.166.242:80 185.86.148.222:8080 86.42.166.147:80 190.221.50.210:8080 94.183.71.206:7080 181.36.42.205:443 170.84.133.72:8443 68.183.170.114:8080 79.129.0.173:8080 184.69.214.94:20 189.180.243.255:8080 200.57.102.71:8443 109.104.79.48:8080 185.187.198.10:8080 80.85.87.122:8080 181.143.101.18:8080 119.59.124.163:8080 46.163.144.228:80 50.28.51.143:8080 88.250.223.190:8080 190.38.14.52:80 119.159.150.176:443 5.77.13.70:80 200.51.94.251:143 82.196.15.205:8080 201.199.93.30:443 5.196.35.138:7080 46.28.111.142:7080 125.99.61.162:7080 189.166.68.89:443 151.80.142.33:80 79.143.182.254:8080 119.92.51.40:8080 46.101.212.195:8080 46.29.183.211:8080 91.205.215.57:7080 190.10.194.42:8080 77.55.211.77:8080 109.169.86.13:8080 190.1.37.125:443 # Reference: https://app.any.run/tasks/a30f1cfa-5088-4993-9435-58e2df1791a9/ 181.16.17.210:443 chefchaouen360.com faithmontessorischools.com japanesepdf.com # Reference: https://twitter.com/blackorbird/status/1191185536372920320 46.105.131.68:8080 # Reference: https://medium.com/@vishal_29486/emotet-sep-2019-wk-3-c2i-urls-f3bb8b10e17f http://95.42.189.34/rtm/child/ http://41.227.243.107/child/report/publish/ http://190.18.153.249/json/ http://189.150.218.69/loadan/ http://104.236.135.119/site/tlb/ http://162.243.125.212/schema/loadan/ http://217.13.106.160/teapot/jit/publish/ http://5.230.147.179/guids/img/ http://64.13.225.150/publish/nsip/ http://95.128.43.213/raster/srvc/publish/ http://187.234.36.129/ringin/ http://37.209.252.121/taskbar/schema/publish/enabled/ http://211.63.71.72/xian/vermont/publish/enabled/ http://174.93.130.148/results/enable/publish/ http://83.110.80.67/site/devices/publish/enabled/ http://50.31.0.160/devices/cookies/publish/enabled/ http://175.100.138.82/enabled/dma/ http://190.128.26.2/attrib/odbc/publish/ http://45.123.3.54/ringin/balloon/publish/enabled/ http://78.186.5.109/raster/codec/publish/ http://69.198.17.7/cookies/ http://50.250.136.225/ban/teapot/ http://24.63.218.229/merge/rtm/ http://217.165.84.98/balloon/acquire/ http://106.51.237.174/entries/raster/ http://167.114.210.191/devices/window/publish/ http://45.33.49.124/attrib/ http://147.135.210.39/cone/ http://94.76.200.114/psec/ http://96.64.191.13/devices/ http://190.161.186.116/guids/ http://201.220.152.101/cone/ http://67.205.149.117/balloon/forced/ http://133.242.156.30/badge/loadan/publish/ http://201.152.64.25/walk/free/publish/enabled/ http://70.57.82.196/scripts/add/publish/ http://138.201.140.110/acquire/ http://201.236.95.82/mult/ringin/publish/enabled/ http://186.4.234.27/codec/sess/publish/ http://114.79.191.12/merge/ http://190.36.237.47/free/chunk/ http://189.252.110.239/tpt/schema/publish/enabled/ http://190.97.219.241/add/ http://92.154.101.154/between/ http://201.170.241.239/cone/iplk/publish/enabled/ http://85.104.59.244/enable/odbc/publish/enabled/ http://103.12.133.7/loadan/balloon/ http://87.106.139.101/devices/health/publish/enabled/ http://183.82.1.142/merge/splash/publish/ http://212.122.71.196/chunk/ http://87.106.210.123/arizona/ http://62.75.187.192/iab/ http://187.189.195.208/psec/scripts/ http://201.146.85.239/sess/merge/ http://83.222.124.62/badge/enabled/ http://173.255.250.241/usbccid/ http://189.222.167.65/srvc/between/ http://173.255.196.209/nsip/entries/publish/enabled/ http://63.77.201.245/pnp/child/ http://178.62.37.188/srvc/guids/publish/ http://208.78.100.202/pdf/ http://91.92.191.134/scripts/ http://95.42.189.34/json/ http://125.99.106.225/forced/loadan/publish/ http://41.227.243.107/merge/ http://47.41.213.2/between/ban/ http://206.189.98.125/child/json/free/ http://200.21.90.6/raster/ http://187.163.222.244/forced/ http://186.4.234.27/devices/window/free/enabled/ http://190.97.219.241/report/enabled/free/ http://87.106.136.232/tlb/usbccid/ http://213.14.166.152/merge/entries/free/ http://125.99.106.226/guids/ http://60.48.253.12/child/ http://187.189.195.208/acquire/guids/free/enabled/ http://92.154.101.154/enabled/report/free/ http://189.209.217.49/child/results/free/enabled/ http://41.220.119.246/child/forced/ http://217.13.106.160/scripts/arizona/ http://188.166.253.46/jit/loadan/free/ http://162.243.125.212/merge/ http://75.127.14.170/guids/xian/ http://159.65.25.128/arizona/ringin/free/enabled/ http://190.72.136.214/site/srvc/ http://50.99.132.7/badge/publish/ http://50.31.0.160/ringin/chunk/free/enabled/ http://31.172.240.91/dma/schema/free/ http://104.236.99.225/teapot/vermont/free/enabled/ http://46.101.142.115/between/prov/free/enabled/ http://222.214.218.136/taskbar/enable/free/ http://201.199.89.223/walk/ http://85.104.59.244/tlb/cookies/ http://190.25.255.98/site/badge/free/ http://190.145.67.134/balloon/cab/ http://216.98.148.156/iab/health/free/ http://45.123.3.54/prov/site/free/enabled/ http://24.139.205.186/raster/teapot/free/enabled/ http://78.186.5.109/devices/walk/ http://136.243.177.26/json/acquire/free/enabled/ http://120.150.236.64/pdf/raster/free/ http://181.189.213.231/cab/window/free/enabled/ http://187.225.213.90/stubs/enabled/free/ http://88.21.212.13/img/ http://190.75.47.24/enabled/ http://178.152.78.149/enabled/cone/ http://39.61.34.254/balloon/guids/free/enabled/ http://182.176.132.213/mult/symbols/free/ http://138.201.140.110/merge/results/free/ http://186.144.64.31/schema/tlb/free/enabled/ http://91.74.62.86/prep/loadan/ http://178.79.161.166/results/free/free/ http://147.135.210.39/ringin/ http://144.139.247.220/symbols/ http://222.214.218.192/schema/srvc/ http://69.45.19.145/merge/publish/ http://201.220.152.101/iplk/chunk/ http://186.4.167.166/scripts/attrib/free/ http://84.241.10.111/taskbar/prov/free/enabled/ http://162.144.119.216/child/ http://142.93.88.16/splash/ http://31.12.67.62/enabled/cookies/free/enabled/ http://91.83.93.103/cone/ http://104.131.208.175/ringin/ http://62.75.187.192/site/balloon/ http://177.242.214.30/symbols/site/ http://211.248.17.209/usbccid/walk/free/enabled/ http://195.242.117.231/cookies/acquire/free/ http://87.106.139.101/entries/merge/free/ http://94.76.200.114/cookies/sym/free/ http://179.32.19.219/publish/ http://200.85.46.122/acquire/entries/free/ http://169.239.182.217/prov/cone/free/enabled/ http://190.25.255.98/enable/taskbar/free/ http://104.131.11.150/srvc/ http://201.238.152.20/iplk/results/free/ http://190.83.191.92/raster/forced/ http://78.24.219.147/symbols/arizona/ http://179.14.2.75/psec/pdf/free/enabled/ http://59.103.164.174/glitch/nsip/free/ http://71.244.60.230/loadan/sess/free/ http://190.128.26.2/nsip/publish/free/ http://182.176.94.236/pdf/iab/free/enabled/ http://87.230.19.21/pnp/schema/ http://175.100.138.82/badge/vermont/ http://117.218.17.6/loadan/prov/ http://91.205.215.66/pdf/enable/free/ http://187.163.180.243/enabled/iplk/free/enabled/ http://211.63.71.72/report/badge/ http://190.25.255.98/usbccid/cab/free/ http://64.13.225.150/xian/health/free/ http://181.129.30.82/enabled/ http://46.105.131.87/glitch/ http://66.84.11.168/cone/teapot/free/enabled/ http://182.176.94.236/acquire/ http://80.1.76.46/acquire/ http://77.56.253.112/psec/ http://212.71.234.16/merge/ http://95.128.43.213/xian/enabled/free/enabled/ http://167.114.210.191/taskbar/between/free/enabled/ http://177.246.193.139/usbccid/glitch/ http://178.62.37.188/publish/child/ http://174.136.14.100/sym/taskbar/free/ http://78.188.7.213/enabled/report/ http://104.236.246.93/cab/results/free/ http://45.33.49.124/acquire/ http://47.41.213.2/acquire/ http://206.189.98.125/psec/ http://200.21.90.6/walk/xian/free/enabled/ http://187.163.222.244/usbccid/ http://186.4.234.27/symbols/ http://190.97.219.241/arizona/ringin/free/enabled/ http://87.106.136.232/loadan/srvc/ http://213.14.166.152/bml/publish/free/ http://125.99.106.226/add/chunk/free/ http://60.48.253.12/raster/schema/free/enabled/ http://187.189.195.208/rtm/attrib/ http://92.154.101.154/iplk/prov/free/enabled/ http://189.209.217.49/walk/enable/ http://41.220.119.246/enabled/iplk/free/ http://217.13.106.160/child/psec/ http://188.166.253.46/json/dma/free/ http://162.243.125.212/report/odbc/free/ http://75.127.14.170/tpt/balloon/free/enabled/ http://159.65.25.128/splash/splash/free/ http://190.72.136.214/forced/pnp/free/ http://50.99.132.7/ban/ http://50.31.0.160/raster/json/free/enabled/ http://31.172.240.91/splash/raster/free/ http://104.236.99.225/free/scripts/free/enabled/ http://46.101.142.115/usbccid/merge/ http://222.214.218.136/jit/enabled/free/enabled/ http://201.199.89.223/arizona/between/ http://85.104.59.244/taskbar/glitch/free/ http://190.25.255.98/iab/taskbar/free/enabled/ http://190.145.67.134/raster/report/free/ http://216.98.148.156/ringin/ http://45.123.3.54/report/forced/ http://24.139.205.186/srvc/ http://78.186.5.109/free/add/ http://136.243.177.26/psec/stubs/ http://120.150.236.64/guids/ringin/free/ http://181.189.213.231/usbccid/ http://187.225.213.90/iab/publish/free/ http://88.21.212.13/symbols/ http://190.75.47.24/arizona/attrib/free/enabled/ http://178.152.78.149/results/prov/free/ http://39.61.34.254/acquire/iplk/free/ http://182.176.132.213/devices/ http://138.201.140.110/sym/ http://186.144.64.31/publish/ http://91.74.62.86/cone/ http://178.79.161.166/arizona/site/free/enabled/ http://147.135.210.39/arizona/tpt/free/enabled/ http://144.139.247.220/scripts/rtm/pdf/enabled/ http://222.214.218.192/psec/ http://69.45.19.145/sym/ http://201.220.152.101/xian/window/pdf/enabled/ http://186.4.167.166/window/enabled/pdf/ http://84.241.10.111/scripts/ http://162.144.119.216/enable/ http://142.93.88.16/attrib/ http://31.12.67.62/child/child/ http://91.83.93.103/symbols/guids/pdf/ http://104.131.208.175/rtm/report/pdf/enabled/ # Reference: https://any.run/report/55dfe66f79cd29e7d145b2ac8737753c5450f635660e66b5776e97cbe8c1a76c/e8aa6541-b117-4e28-9b0a-7e45587b67d9 191.100.24.201:50000 193.34.144.138:8080 74.208.173.91:8080 46.105.131.68:8080 152.169.32.143:8080 # Reference: https://any.run/report/3cf19ad5c06f025712300a4e93219e0faa35475402fae323b4daa4bbe1ba7bef/eebb6b29-c512-4502-96ea-fafedfd21ecb 189.252.102.40:8080 # Reference: https://any.run/report/90fb407e71334f7ca323d9f6537706d54cafed3bf9538799b79b89658ae067ee/b893ddb7-d8ff-4994-8a7a-644851c4fced 85.234.143.94:8080 204.225.249.100:8080 178.249.187.151:8080 # Reference: https://any.run/report/603d002fe4cd0bd24f19036d9885877062233ffb32309c510f10e86ac1bc9f38/b492d8c0-56ed-48ea-b10e-1147c848753b 104.239.175.211:8080 67.225.179.64:8080 183.102.238.69:465 # Reference: https://twitter.com/malware_traffic/status/1196554607658459136 # Reference: https://app.any.run/tasks/1496c35f-f44a-4913-b7de-847a421bdfe1/ # Reference: https://www.virustotal.com/gui/ip-address/144.76.56.36/relations # Reference: https://www.virustotal.com/gui/ip-address/94.156.35.235/relations 144.76.56.36:8080 65.23.154.17:8080 94.156.35.235:443 # Reference: https://pastebin.com/5iAUEP7J jameslotz.com/wp-admin/k3s20753/ monitoring.bactrack.com/wp-content/cmdz7/ enegix.com/pytosj2jd/v9s7ze3/ jaafarattar.com/pytosj2jd/2re2j5773/ iruainvestments.com/pytosj2jd/0nc76zs40663/ handbookforfairygodmothers.com/yjlsdsd/k3/ yummybox.uk/wp-admin/7Q/ scrapy999.com/cgi-bin/g1oi/ bunifood.com/pytosj2jd/pazg/ eurobizconsulting.it/cgi-bin/9q6ty/ # Reference: https://app.any.run/tasks/68191492-99f0-464f-bb25-dd4f006c2c64/ http://momo2.test.zinimedia.com/medias/2wgtpu56548/ # Reference: https://app.any.run/tasks/dd109624-8140-4935-a10f-da93f909b3cf/ http://astrametals.com/wp-content/im24279/ # Reference: https://app.any.run/tasks/c1a626cf-c6e1-4405-8893-b45fe2b08323/ # Reference: https://app.any.run/tasks/27f879de-fbd3-4b44-89b3-67955cc78a71/ 109.169.86.13:8080 125.99.61.162:7080 142.93.114.137:8080 149.62.173.247:8080 154.120.227.206:8080 159.203.204.126:8080 170.130.31.177:8080 172.104.233.225:8080 178.79.163.131:8080 182.48.194.6:8090 186.23.132.93:990 190.146.131.105:8080 190.195.129.227:8090 190.210.184.138:995 190.97.30.167:990 201.190.133.235:8080 203.25.159.3:8080 212.71.237.140:8080 213.189.36.51:8080 217.199.160.224:8080 50.28.51.143:8080 51.255.165.160:8080 62.75.160.178:8080 68.183.170.114:8080 68.183.190.199:8080 70.32.78.99:8080 77.55.211.77:8080 80.85.87.122:8080 81.213.215.216:50000 87.106.77.40:7080 87.118.70.69:8080 88.250.223.190:8080 91.204.163.19:8090 91.205.215.57:7080 91.83.93.124:7080 92.169.250.229:8080 94.183.71.206:7080 # Reference: https://app.any.run/tasks/810d6543-148f-4b1e-8266-b7bf63fb3f18/ 209.97.168.52:8080 217.149.241.121:8080 31.47.234.186:8080 31.47.234.186:8080 37.187.2.199:443 46.101.7.140:8080 50.116.86.205:8080 69.64.67.20:8080 # Reference: https://www.virustotal.com/gui/domain/kids-education-support.com/relations kids-education-support.com # Reference: https://www.virustotal.com/gui/file/811fa8cd3dfb73070dc5c2f646c3b009944c6b4353cbf72a2355986606b1a7a0/detection 185.189.58.222:5050 92.63.197.59:5050 # Reference: https://pastebin.com/LdXdyCGQ 212.71.234.16:8080 78.47.106.72:8080 165.227.156.155:443 192.241.255.77:8080 181.57.193.14:80 86.22.221.170:80 37.187.2.199:443 179.12.170.148:8080 95.128.43.213:8080 59.103.164.174:80 152.89.236.214:8080 78.24.219.147:8080 190.226.44.20:21 104.236.246.93:8080 190.145.67.134:8090 104.239.175.211:8080 46.105.131.87:80 144.139.247.220:80 83.136.245.190:8080 171.101.153.86:990 190.211.207.11:443 104.131.44.150:8080 189.209.217.49:80 186.4.172.5:443 87.106.136.232:8080 87.106.139.101:8080 94.205.247.10:80 181.143.194.138:443 200.71.148.138:8080 186.4.172.5:20 62.75.187.192:8080 169.239.182.217:8080 92.222.216.44:8080 192.241.220.155:8080 87.230.19.21:8080 80.11.163.139:21 182.176.132.213:8090 31.172.240.91:8080 37.157.194.134:443 31.12.67.62:7080 190.53.135.159:21 191.92.209.110:7080 138.201.140.110:8080 45.33.49.124:443 103.39.131.88:80 167.71.10.37:8080 167.99.105.223:7080 85.104.59.244:20 115.78.95.230:443 186.75.241.230:80 67.225.179.64:8080 181.31.213.158:8080 104.131.11.150:8080 212.129.24.79:8080 217.160.182.191:8080 211.63.71.72:8080 159.65.25.128:8080 173.212.203.26:8080 5.196.74.210:8080 183.102.238.69:465 186.4.172.5:8080 178.79.161.166:443 192.81.213.192:8080 176.31.200.130:8080 178.210.51.222:8080 173.249.47.77:8080 91.205.215.66:8080 149.202.153.252:8080 # Reference: https://twitter.com/tkanalyst/status/1199711428082425857 # Reference: https://app.any.run/tasks/4f792e29-48b8-40ae-9e11-6f29c3ac7204/ 104.236.137.72:8080 172.104.233.225:8080 # Reference: https://twitter.com/malware_traffic/status/1199754976748359680 178.63.78.150:8080 192.161.190.171:8080 80.93.48.49:7080 # Reference: https://twitter.com/malware_traffic/status/1199787380477235201 149.202.153.251:8080 222.239.249.166:443 50.63.13.135:8080 80.211.32.88:8080 82.145.43.153:8080 92.119.123.10:8080 # Reference: https://twitter.com/Cryptolaemus1/status/1200047745307951105 # Reference: https://pastebin.com/raw/Sk3z09G0 116.48.142.21:443 12.229.155.122:80 120.150.246.241:80 121.175.14.59:990 125.230.36.147:443 128.65.154.183:443 144.139.56.105:80 164.68.101.171:80 165.228.24.197:80 172.90.70.168:443 177.103.201.23:80 187.144.236.211:443 187.250.92.82:80 190.101.87.170:80 195.244.215.206:80 197.254.221.174:80 2.38.99.79:80 202.226.238.55:80 220.146.36.244:80 41.218.118.66:80 47.187.70.124:443 5.88.182.250:80 72.27.212.209:8080 77.211.249.124:80 77.241.53.234:80 78.15.114.100:80 81.213.145.45:443 85.105.183.228:443 91.73.197.90:80 95.219.199.225:80 # Reference: https://app.any.run/tasks/78fb71f7-e32b-4ab4-9871-5d46465ee886/ # Reference: https://www.virustotal.com/gui/ip-address/190.12.119.180/relations 190.12.119.180:443 # Reference: https://twitter.com/Cryptolaemus1/status/1200388377805279232 # Reference: https://pastebin.com/raw/tKXqac1m 101.187.247.29:80 107.2.2.28:80 109.166.89.91:80 110.143.18.92:80 116.48.138.115:80 118.200.218.193:443 118.201.230.249:80 122.11.164.183:80 186.215.101.106:80 187.233.220.93:443 189.180.105.125:443 190.12.119.180:443 195.191.107.67:80 197.90.159.42:80 200.71.193.220:443 201.183.251.100:80 211.218.105.101:80 213.179.105.214:8080 47.50.251.130:80 60.53.3.153:8080 80.21.182.46:80 80.29.54.20:80 83.110.107.243:443 85.130.127.2:80 98.196.49.107:80 # Reference: https://twitter.com/peric0/status/1200535559615201285 # Reference: https://app.any.run/tasks/92158989-24e1-43df-9cc1-958aadacdce8/ 31.41.221.148:80 5.63.8.237:443 88.198.60.25:80 95.216.124.146:443 artnkrafts.com arvinhayat.com mototorg.com peruorganiconatural.com primekala.com # Reference: https://twitter.com/luc4m/status/1201929340717547520 # Reference: https://pastebin.com/tk8Wj4ya 104.131.58.132:8080 104.236.137.72:8080 109.166.89.91:80 109.169.86.13:8080 110.143.18.92:80 116.48.138.115:80 118.200.218.193:443 119.59.124.163:8080 121.175.14.59:990 125.99.61.162:7080 134.209.214.126:8080 138.68.106.4:7080 139.5.237.27:443 14.160.93.230:80 142.127.57.63:8080 142.93.114.137:8080 144.139.56.105:80 149.62.173.247:8080 154.120.227.206:8080 159.203.204.126:8080 163.172.40.218:7080 172.104.233.225:8080 178.79.163.131:8080 181.135.153.203:443 181.198.203.45:443 181.231.62.54:80 181.36.42.205:443 181.61.143.177:80 182.48.194.6:8090 183.82.97.25:80 185.86.148.222:8080 186.15.83.52:8080 186.68.48.204:443 188.14.39.65:443 188.216.24.204:80 189.173.113.67:443 190.102.226.91:80 190.146.131.105:8080 190.17.42.79:80 190.186.164.23:80 190.195.129.227:8090 190.210.184.138:995 190.38.14.52:80 190.4.50.26:80 190.97.30.167:990 191.103.76.34:443 2.38.99.79:80 200.113.106.18:80 200.123.101.90:80 200.124.225.32:80 200.58.83.179:80 201.163.74.202:443 201.190.133.235:8080 201.213.32.59:80 203.130.0.69:80 203.25.159.3:8080 204.63.252.182:443 207.154.204.40:8080 212.71.237.140:8080 213.189.36.51:8080 217.199.160.224:8080 37.132.193.19:8080 45.79.95.107:443 46.101.212.195:8080 46.28.111.142:7080 47.146.42.234:80 47.187.70.124:443 5.196.35.138:7080 50.28.51.143:8080 51.255.165.160:8080 62.75.143.100:7080 62.75.160.178:8080 63.246.252.234:80 68.183.170.114:8080 68.183.190.199:8080 69.163.33.84:8080 72.29.55.174:80 73.167.135.180:80 77.241.53.234:80 77.55.211.77:8080 80.29.54.20:80 80.85.87.122:8080 81.213.215.216:50000 82.196.15.205:8080 82.8.232.51:80 85.234.143.94:8080 86.42.166.147:80 87.106.77.40:7080 87.118.70.69:8080 88.250.223.190:8080 91.204.163.19:8090 91.205.215.57:7080 91.83.93.124:7080 95.179.195.74:80 96.20.84.254:7080 98.196.49.107:80 # Reference: https://app.any.run/tasks/5275f984-a656-41d5-b031-496accf03e4b/ 105.227.58.49:80 # Reference: https://pastebin.com/jfsfQ6Cq 1.32.54.12:8080 103.122.75.218:80 103.9.145.19:8080 110.142.161.90:80 113.52.135.33:7080 115.179.91.58:80 119.159.150.176:443 122.11.164.183:80 123.142.37.165:80 124.150.175.129:8080 124.150.175.133:80 138.197.140.163:8080 142.93.87.198:8080 143.95.101.72:8080 152.169.32.143:8080 162.144.46.90:8080 163.172.97.112:8080 172.104.70.207:8080 172.105.213.30:80 172.90.70.168:443 174.57.150.13:8080 176.58.93.123:80 177.103.201.23:80 178.134.1.238:80 181.197.108.171:443 181.44.166.242:80 181.47.235.26:993 182.176.116.139:995 186.215.101.106:80 186.66.224.182:990 187.177.155.123:990 187.233.220.93:443 187.250.92.82:80 188.230.134.205:80 189.225.211.171:443 189.61.200.9:443 190.101.87.170:80 190.161.67.63:80 190.171.135.235:80 190.189.79.73:80 190.5.162.204:80 191.100.24.201:50000 192.161.190.171:8080 192.163.221.191:8080 192.210.217.94:8080 192.241.220.183:8080 193.33.38.208:443 195.191.107.67:80 198.57.217.170:8080 200.71.112.158:53 201.183.251.100:80 201.196.15.79:990 210.111.160.220:80 210.224.65.117:80 211.218.105.101:80 212.112.113.235:80 212.129.14.27:8080 216.75.37.196:8080 221.154.59.110:80 23.253.207.142:8080 24.27.122.202:80 24.28.178.71:80 37.59.24.25:8080 41.218.118.66:80 41.77.74.214:443 45.129.121.222:443 46.105.128.215:8080 46.105.131.68:8080 46.17.6.116:8080 5.189.148.98:8080 50.116.78.109:8080 51.38.134.203:8080 58.93.151.148:80 60.53.3.153:8080 67.171.182.231:80 67.254.196.78:443 69.30.205.162:7080 72.27.212.209:8080 72.69.99.47:80 77.245.12.212:80 78.186.102.195:80 78.46.87.133:8080 81.213.145.45:443 81.82.247.216:80 82.79.244.92:80 83.110.107.243:443 83.156.88.159:80 83.99.211.160:80 85.105.183.228:443 85.109.190.235:443 86.6.123.109:80 89.215.225.15:80 91.117.31.181:80 95.216.207.86:7080 95.216.212.157:8080 98.15.140.226:80 # Reference: https://twitter.com/Jouliok/status/1204348553117798400 # Reference: https://app.any.run/tasks/af64addf-eaec-4936-8ae1-49de48511547/ bigbizyou.fr # Reference: https://www.virustotal.com/gui/file/d7fa60d982e84f82f1e310801990591ad9d518921d338e0d6045555cd9a55abb/detection http://12.176.19.218 # Reference: https://twitter.com/luc4m/status/1204102158012100608 # Reference: https://pastebin.com/B5R4ggig 104.131.58.132:8080 104.236.137.72:8080 109.166.89.91:80 109.169.86.13:8080 116.48.138.115:80 118.200.218.193:443 119.59.124.163:8080 125.99.61.162:7080 130.45.45.31:80 134.209.214.126:8080 138.68.106.4:7080 139.5.237.27:443 14.160.93.230:80 142.127.57.63:8080 142.93.114.137:8080 144.139.56.105:80 144.2.165.179:80 149.135.123.65:80 149.62.173.247:8080 159.203.204.126:8080 163.172.40.218:7080 172.104.233.225:8080 178.79.163.131:8080 181.135.153.203:443 181.198.203.45:443 181.231.62.54:80 181.36.42.205:443 181.61.143.177:80 183.82.97.25:80 185.160.212.3:80 185.86.148.222:8080 186.15.83.52:8080 186.68.48.204:443 188.14.39.65:443 188.216.24.204:80 190.102.226.91:80 190.146.131.105:8080 190.17.42.79:80 190.186.164.23:80 190.195.129.227:8090 190.210.184.138:995 190.38.14.52:80 190.4.50.26:80 190.97.30.167:990 191.103.76.34:443 2.139.158.136:443 2.38.99.79:80 2.44.167.52:80 200.119.11.118:443 200.123.101.90:80 200.124.225.32:80 200.58.83.179:80 201.163.74.202:443 201.190.133.235:8080 201.213.32.59:80 202.186.240.165:8080 203.130.0.69:80 203.25.159.3:8080 204.63.252.182:443 207.154.204.40:8080 212.71.237.140:8080 217.199.160.224:8080 37.183.121.32:80 45.50.177.164:80 45.79.95.107:443 46.101.212.195:8080 46.28.111.142:7080 47.146.42.234:80 47.187.70.124:443 5.196.35.138:7080 5.88.27.67:8080 50.28.51.143:8080 51.255.165.160:8080 58.171.181.213:80 62.75.143.100:7080 62.75.160.178:8080 63.246.252.234:80 68.129.203.162:443 68.183.170.114:8080 68.183.190.199:8080 69.163.33.84:8080 72.29.55.174:80 73.167.135.180:80 77.241.53.234:80 77.55.211.77:8080 79.31.85.103:80 80.29.54.20:80 80.85.87.122:8080 82.196.15.205:8080 82.8.232.51:80 83.165.163.225:80 85.234.143.94:8080 86.42.166.147:80 87.106.46.107:8080 87.106.77.40:7080 87.118.70.69:8080 88.250.223.190:8080 91.204.163.19:8090 91.205.215.57:7080 91.83.93.124:7080 93.67.154.252:443 95.179.195.74:80 96.126.121.64:443 96.20.84.254:7080 96.61.113.203:80 98.196.49.107:80 # Reference: https://app.any.run/tasks/3f80a1bc-55d1-444b-9000-327db827ef8a cigpcl.com http://85.152.208.146 http://68.174.15.223 # Reference: https://twitter.com/Sentry_23/status/1204371815591817216 162.241.92.219:8080 # Reference: https://twitter.com/luc4m/status/1204453473015586816 # Reference: https://pastebin.com/LPpTsymc 2.44.167.52:80 2.139.158.136:443 5.88.27.67:8080 5.196.35.138:7080 14.160.93.230:80 37.183.121.32:80 45.50.177.164:80 45.79.95.107:443 46.28.111.142:7080 46.101.212.195:8080 47.146.42.234:80 47.187.70.124:443 50.28.51.143:8080 51.255.165.160:8080 58.171.181.213:80 62.75.143.100:7080 62.75.160.178:8080 63.246.252.234:80 68.129.203.162:443 68.183.170.114:8080 68.183.190.199:8080 69.163.33.84:8080 72.29.55.174:80 73.167.135.180:80 76.221.133.146:80 77.55.211.77:8080 77.241.53.234:80 79.31.85.103:80 80.29.54.20:80 80.85.87.122:8080 82.8.232.51:80 82.196.15.205:8080 83.165.163.225:80 85.234.143.94:8080 86.42.166.147:80 87.106.46.107:8080 87.106.77.40:7080 87.118.70.69:8080 88.250.223.190:8080 91.83.93.124:7080 91.204.163.19:8090 91.205.215.57:7080 93.67.154.252:443 95.179.195.74:80 96.20.84.254:7080 96.61.113.203:80 96.126.121.64:443 98.196.49.107:80 104.33.129.244:80 104.131.58.132:8080 104.236.137.72:8080 109.166.89.91:80 109.169.86.13:8080 116.48.138.115:80 118.200.218.193:443 119.59.124.163:8080 125.99.61.162:7080 130.45.45.31:80 134.209.214.126:8080 138.68.106.4:7080 139.5.237.27:443 142.93.114.137:8080 142.127.57.63:8080 144.2.165.179:80 144.139.56.105:80 149.62.173.247:8080 149.135.123.65:80 159.203.204.126:8080 163.172.40.218:7080 172.90.70.168:8080 172.104.233.225:8080 178.79.163.131:8080 181.36.42.205:443 181.61.143.177:80 181.135.153.203:443 181.198.203.45:443 181.231.62.54:80 183.82.97.25:80 184.184.202.167:443 185.86.148.222:8080 185.160.212.3:80 186.15.83.52:8080 186.68.48.204:443 188.14.39.65:443 188.216.24.204:80 190.4.50.26:80 190.17.42.79:80 190.38.14.52:80 190.97.30.167:990 190.102.226.91:80 190.146.131.105:8080 190.186.164.23:80 190.195.129.227:8090 190.210.184.138:995 191.103.76.34:443 200.58.83.179:80 200.119.11.118:443 200.123.101.90:80 200.124.225.32:80 201.163.74.202:443 201.190.133.235:8080 201.213.32.59:80 202.186.240.165:8080 203.25.159.3:8080 203.130.0.69:80 204.63.252.182:443 207.154.204.40:8080 212.71.237.140:8080 217.199.160.224:8080 # Reference: https://twitter.com/pollo290987/status/1205363829678518273 /fhdr1acb63nl723f_9uy53v64/index.php # Reference: https://twitter.com/malware_traffic/status/1205171614788313101 96.234.38.186:8080 # Reference: https://twitter.com/Cryptolaemus1/status/1205506348936548353 # Reference: https://pastebin.com/KaWyyr31 1.33.230.137:80 100.14.117.137:80 101.187.134.207:443 101.187.247.29:80 103.86.49.11:8080 104.131.11.150:8080 104.131.44.150:8080 104.236.246.93:8080 104.237.155.168:443 105.227.35.51:80 107.170.24.125:8080 107.2.2.28:80 108.179.206.219:8080 108.191.2.72:80 110.142.38.16:80 110.143.57.109:80 110.143.84.202:80 116.48.142.21:443 12.176.19.218:80 12.229.155.122:80 120.150.246.241:80 128.65.154.183:443 138.59.177.106:443 139.130.241.252:443 144.139.247.220:80 149.202.153.252:8080 159.65.25.128:8080 165.227.156.155:443 165.228.24.197:80 167.114.242.226:8080 167.71.10.37:8080 167.99.105.223:7080 169.239.182.217:8080 173.91.11.142:80 176.106.183.253:8080 176.31.200.130:8080 178.209.71.63:8080 178.210.51.222:8080 179.13.185.19:80 181.57.193.14:80 182.176.132.213:8090 183.102.238.69:465 183.102.238.69:80 186.67.208.78:8080 186.75.241.230:80 188.152.7.140:80 189.209.217.49:80 190.12.119.180:443 190.147.215.53:22 190.220.19.82:443 190.226.44.20:21 190.53.135.159:21 192.241.255.77:8080 195.244.215.206:80 197.254.221.174:80 2.235.190.23:8080 2.38.99.79:80 200.7.243.108:443 201.173.217.124:443 201.184.105.242:443 201.251.133.92:443 206.189.112.148:8080 206.81.10.215:8080 206.81.10.215:80 209.141.54.221:8080 209.97.168.52:8080 210.6.85.121:80 211.63.71.72:8080 212.129.24.79:8080 212.64.171.206:80 217.160.182.191:8080 218.44.21.114:80 24.45.193.161:7080 31.131.182.30:80 31.172.240.91:8080 31.31.77.83:443 37.157.194.134:443 37.59.24.177:8080 45.33.49.124:443 45.51.40.140:80 45.56.88.91:443 46.105.131.87:80 47.156.70.145:80 47.6.15.79:443 47.6.15.79:80 5.196.74.210:8080 5.88.182.250:80 50.116.86.205:8080 58.171.42.66:8080 59.103.164.174:80 61.197.110.214:80 62.75.187.192:8080 64.147.15.138:80 64.53.242.181:8080 66.34.201.20:7080 66.76.63.99:80 67.225.179.64:8080 68.118.26.116:80 70.175.171.251:80 73.11.153.178:8080 73.176.241.255:80 73.214.99.25:80 74.105.102.97:8080 75.80.148.244:80 78.24.219.147:8080 80.21.182.46:80 81.0.63.86:8080 82.155.161.203:80 83.136.245.190:8080 85.72.180.68:80 86.98.156.239:443 87.106.136.232:8080 87.106.139.101:8080 87.230.19.21:8080 91.205.215.66:8080 91.73.197.90:80 92.222.216.44:8080 93.147.141.5:80 95.128.43.213:8080 98.24.231.64:80 # Reference: https://twitter.com/VK_Intel/status/1206497909858078720 # Reference: https://www.virustotal.com/gui/file/de8f44a132a0968356621c69413840b6b259e1d8c7c0708cda5e3b62be4eb787/detection 91.121.89.129:8443 # Reference: https://twitter.com/matte_lodi/status/1207575386835607552 http://63.248.198.8 proyectoin.com # Reference: https://twitter.com/malware_traffic/status/1208205659466092544 24.181.125.62:80 # Reference: https://pastebin.com/4VENH618 1.215.28.101:8080 1.217.126.11:443 1.221.254.82:80 100.14.117.137:80 101.187.134.207:443 101.187.247.29:80 103.108.146.195:80 103.86.49.11:8080 104.131.11.150:8080 104.131.44.150:8080 104.131.58.132:8080 104.137.176.186:80 104.236.137.72:8080 104.236.246.93:8080 105.209.235.113:8080 107.170.24.125:8080 108.179.206.219:8080 108.184.9.44:80 108.191.2.72:80 108.20.69.44:80 109.169.86.13:8080 110.142.161.90:443 110.142.161.90:80 110.142.38.16:80 110.143.84.202:80 110.170.65.146:80 110.2.118.164:80 112.186.195.176:80 112.218.134.227:80 113.190.254.245:80 113.52.135.33:7080 113.61.76.239:80 114.109.179.60:80 114.179.127.48:80 115.179.91.58:80 116.48.142.21:443 118.36.70.245:80 119.59.124.163:8080 12.176.19.218:80 120.150.246.241:80 120.150.247.164:80 120.151.135.224:80 120.51.83.89:443 121.88.5.176:443 122.116.104.238:7080 124.150.175.129:8080 124.150.175.133:80 125.99.61.162:7080 128.65.154.183:443 136.243.250.34:8080 138.122.5.214:8080 138.197.140.163:8080 138.59.177.106:443 138.68.106.4:7080 139.130.241.252:443 139.130.242.43:80 139.162.118.88:8080 139.162.183.41:443 139.59.12.63:8080 14.160.93.230:80 14.161.30.33:443 14.201.35.38:80 142.93.114.137:8080 142.93.87.198:8080 144.139.247.220:80 144.139.56.105:80 144.139.91.187:80 144.217.117.207:8080 149.202.153.252:8080 149.62.173.247:8080 151.237.36.220:80 154.120.227.190:443 156.155.163.232:80 157.7.164.178:8081 158.69.167.246:8080 159.203.204.126:8080 159.65.25.128:8080 159.69.89.130:8080 160.119.153.20:80 160.16.215.66:8080 162.144.46.90:8080 163.172.40.218:7080 163.172.97.112:8080 165.100.148.200:8080 165.227.156.155:443 165.228.195.93:80 167.71.10.37:8080 167.99.105.223:7080 168.235.67.138:8080 168.235.82.183:8080 169.239.182.217:8080 172.104.70.207:8080 173.12.14.133:8080 173.21.26.90:80 173.247.19.238:80 173.66.96.135:80 173.91.11.142:80 174.77.190.137:8080 174.81.132.128:80 175.103.239.50:80 175.114.178.83:443 175.127.140.68:80 176.106.183.253:8080 176.31.200.130:8080 176.58.93.123:80 177.103.159.44:80 177.103.240.93:80 177.144.130.105:443 177.180.115.224:80 177.242.21.126:80 177.34.142.163:80 178.134.1.238:80 178.153.176.124:80 178.210.51.222:8080 178.237.139.83:8080 178.32.255.133:443 178.63.78.150:8080 178.79.163.131:8080 179.13.185.19:80 179.159.198.70:80 179.208.84.218:8080 179.5.118.12:8080 180.33.6.136:443 180.92.239.110:8080 181.10.204.106:80 181.126.70.117:80 181.167.35.84:80 181.196.27.123:80 181.198.203.45:443 181.231.220.232:80 181.36.42.205:443 181.53.29.136:8080 181.61.143.177:80 182.176.116.139:995 182.176.132.213:8090 182.187.137.199:8080 183.101.175.193:80 183.102.238.69:465 183.87.40.21:8080 183.99.239.141:80 184.167.148.162:80 185.144.138.190:80 185.160.212.3:80 185.160.229.26:80 185.192.75.240:443 185.244.167.25:443 185.86.148.222:8080 186.15.83.52:8080 186.177.174.163:80 186.4.172.5:8080 186.67.208.78:8080 186.68.48.204:443 186.75.241.230:80 186.84.173.136:8080 187.188.166.192:8080 187.250.92.82:80 187.54.225.76:80 187.72.47.161:443 188.0.135.237:80 188.135.15.49:80 188.152.7.140:80 188.216.24.204:80 188.218.104.226:80 188.251.213.180:443 189.159.115.178:8080 189.19.81.181:443 189.201.197.98:8080 189.203.177.41:443 189.225.211.171:443 189.26.118.194:80 189.61.200.9:443 190.100.153.162:443 190.115.18.139:8080 190.117.226.104:80 190.12.119.180:443 190.151.5.130:443 190.161.180.184:80 190.161.67.63:80 190.162.159.212:80 190.17.44.48:80 190.17.94.108:443 190.171.135.235:80 190.171.153.139:80 190.186.164.23:80 190.189.224.117:443 190.201.144.85:7080 190.210.184.138:995 190.210.236.139:80 190.219.149.236:80 190.220.19.82:443 190.231.210.35:80 190.231.42.130:80 190.38.152.143:80 190.38.252.45:443 190.47.236.83:80 190.5.162.204:80 190.53.135.159:21 190.55.181.54:443 190.74.246.158:8080 190.93.210.113:80 191.100.24.201:50000 191.103.76.34:443 191.183.21.190:80 192.161.190.171:8080 192.163.221.191:7080 192.210.217.94:8080 192.241.146.84:8080 192.241.220.183:8080 192.241.241.221:443 192.241.255.77:8080 193.33.38.208:443 195.201.56.70:8080 195.244.215.206:80 197.94.32.129:8080 198.199.112.197:8080 198.46.150.196:7080 198.57.217.170:7080 2.235.190.23:8080 2.237.76.249:80 2.38.99.79:80 2.42.173.240:80 2.45.112.134:80 2.47.112.72:80 200.114.167.85:80 200.116.145.225:443 200.119.11.118:443 200.123.183.137:443 200.124.225.32:80 200.21.90.5:443 200.41.121.69:443 200.45.187.90:80 200.55.53.7:80 200.58.83.179:80 200.82.170.231:80 200.82.88.254:80 201.137.247.222:443 201.173.217.124:443 201.183.251.100:80 201.184.105.242:443 201.196.15.79:990 201.213.32.59:80 202.62.39.111:80 203.124.57.50:80 203.130.0.69:80 203.153.216.178:7080 203.160.173.202:80 203.25.159.3:8080 206.189.112.148:8080 206.81.10.215:8080 207.154.204.40:8080 209.141.54.221:8080 209.146.22.34:443 209.97.168.52:8080 210.111.160.220:80 210.171.146.118:80 210.224.65.117:80 210.6.85.121:80 211.42.204.154:80 211.48.165.9:443 211.63.71.72:8080 212.112.113.235:80 212.129.14.27:8080 212.237.50.61:8080 212.253.82.142:443 212.71.237.140:8080 216.251.83.79:80 216.75.37.196:8080 217.12.70.226:80 217.160.182.191:8080 217.181.139.237:443 217.199.160.224:8080 219.75.66.103:80 219.78.255.48:80 220.255.57.31:80 220.78.29.88:80 221.154.59.110:80 223.255.148.134:80 23.253.207.142:8080 24.105.202.216:443 24.181.125.62:80 24.28.178.71:80 24.94.237.248:80 31.172.240.91:8080 31.177.54.196:443 31.31.77.83:443 37.120.185.153:443 37.157.194.134:443 37.187.6.63:8080 37.46.129.215:8080 37.59.24.177:8080 37.59.24.25:8080 37.70.131.107:80 41.111.190.94:80 41.185.29.128:8080 41.60.200.34:80 41.77.74.214:443 42.51.192.231:8080 45.33.49.124:443 45.51.40.140:80 45.79.95.107:443 45.8.136.201:80 46.101.212.195:8080 46.101.7.140:8080 46.105.131.68:8080 46.105.131.87:80 46.17.6.116:8080 46.216.60.138:80 46.28.111.142:7080 46.32.229.152:8080 47.149.28.234:80 47.153.183.211:80 47.156.70.145:80 47.6.15.79:443 47.6.15.79:80 5.154.58.24:80 5.178.245.100:80 5.189.148.98:8080 5.196.35.138:7080 5.196.74.210:8080 5.32.55.214:80 5.88.27.67:8080 50.116.78.109:8080 50.116.86.205:8080 50.28.51.143:8080 51.159.23.217:443 51.255.165.160:8080 51.38.134.203:8080 51.77.113.97:8080 58.162.218.151:80 58.171.38.26:80 58.171.42.66:8080 58.185.224.18:80 59.103.164.174:80 59.120.5.154:80 59.148.227.190:80 59.158.164.66:443 59.8.197.241:80 60.231.217.199:8080 62.138.26.28:8080 62.15.36.103:443 62.75.143.100:7080 62.75.160.178:8080 62.75.187.192:8080 63.248.198.8:80 64.147.15.138:80 64.53.242.181:8080 66.209.97.122:8080 66.229.161.86:443 66.25.34.20:80 66.34.201.20:7080 67.225.179.64:8080 67.254.196.78:443 68.118.26.116:80 68.174.15.223:80 68.183.170.114:8080 68.183.190.199:8080 68.187.160.28:443 69.14.208.221:80 69.163.33.84:8080 69.30.205.162:7080 70.169.53.234:80 70.175.171.251:80 70.46.247.81:80 71.83.82.123:8080 72.27.212.209:8080 72.29.55.174:80 72.51.153.27:80 73.11.153.178:8080 73.214.99.25:80 73.217.39.73:80 73.60.8.210:80 74.105.102.97:8080 74.79.103.55:80 75.127.72.18:8080 75.86.6.174:80 76.164.99.46:80 77.55.211.77:8080 78.186.102.195:80 78.189.165.52:8080 78.189.60.109:443 78.210.132.35:80 78.24.219.147:8080 78.46.87.133:8080 79.159.249.152:80 79.7.114.1:80 79.7.158.208:80 80.11.158.65:8080 81.82.247.216:80 82.146.55.23:7080 82.165.15.188:8080 82.196.15.205:8080 82.27.181.93:80 82.79.244.92:80 82.8.232.51:80 83.156.88.159:80 83.165.78.227:80 83.248.141.198:80 85.100.122.211:80 85.109.190.235:443 85.152.174.56:80 85.152.208.146:80 85.235.219.74:80 85.67.10.190:80 86.42.166.147:80 86.98.156.239:443 87.106.136.232:8080 87.106.139.101:8080 87.106.46.107:8080 87.106.77.40:7080 87.230.19.21:8080 87.9.181.247:80 88.247.26.78:80 88.248.140.80:80 88.249.120.205:80 88.249.181.198:443 89.215.225.15:80 91.117.131.122:80 91.117.159.233:80 91.117.31.181:80 91.117.83.59:80 91.191.206.60:443 91.205.173.150:8080 91.205.215.57:7080 91.205.215.66:443 91.73.197.90:80 91.74.175.46:80 91.83.93.103:443 91.83.93.124:7080 92.16.222.156:80 92.222.216.44:8080 93.144.226.57:80 93.147.141.5:80 94.200.114.162:80 94.200.126.42:80 94.203.236.122:80 95.128.43.213:8080 95.130.37.244:443 95.216.207.86:7080 95.216.212.157:8080 95.9.217.200:8080 96.61.113.203:80 97.120.32.227:80 98.15.140.226:80 98.156.206.153:80 98.178.241.106:80 98.30.113.161:80 99.252.27.6:80 # Reference: https://twitter.com/luc4m/status/1217152651046948864 # Reference: https://pastebin.com/KGF4uy28 104.131.58.132:8080 109.169.86.13:8080 110.142.161.90:443 110.170.65.146:80 113.190.254.245:80 113.61.76.239:80 114.109.179.60:80 118.36.70.245:80 119.59.124.163:8080 120.150.247.164:80 125.99.61.162:7080 138.68.106.4:7080 139.162.118.88:8080 14.160.93.230:80 14.201.35.38:80 142.93.114.137:8080 144.139.56.105:80 149.62.173.247:8080 151.237.36.220:80 151.80.142.33:80 152.231.89.226:80 159.65.241.220:8080 165.228.195.93:80 172.104.169.32:8080 175.114.178.83:443 177.103.159.44:80 177.242.21.126:80 177.34.142.163:80 177.92.14.34:80 178.79.163.131:8080 179.208.84.218:8080 181.10.204.106:80 181.129.96.162:990 181.167.96.215:80 181.231.220.232:80 181.30.61.163:443 181.30.61.163:80 181.36.42.205:443 185.160.212.3:80 185.160.229.26:80 185.86.148.222:8080 185.94.252.12:80 186.15.52.123:80 186.15.83.52:8080 186.68.48.204:443 187.188.166.192:8080 187.54.225.76:80 188.135.15.49:80 189.19.81.181:443 189.201.197.98:8080 189.26.118.194:80 190.100.153.162:443 190.151.5.130:443 190.17.44.48:80 190.186.164.23:80 190.191.82.216:80 190.195.129.227:8090 190.210.184.138:995 190.210.236.139:80 190.219.149.236:80 191.103.76.34:443 191.183.21.190:80 192.241.143.52:8080 192.241.146.84:8080 2.42.173.240:80 2.45.112.134:80 2.47.112.72:80 200.123.183.137:443 200.45.187.90:80 200.55.53.7:80 200.58.83.179:80 201.213.100.141:8080 201.213.32.59:80 202.62.39.111:80 203.130.0.69:80 203.25.159.3:8080 207.154.204.40:8080 212.71.237.140:8080 216.251.83.79:80 217.199.160.224:8080 37.120.185.153:443 37.187.6.63:8080 45.79.95.107:443 45.8.136.201:80 46.101.212.195:8080 46.28.111.142:7080 5.196.35.138:7080 5.88.27.67:8080 50.28.51.143:8080 58.162.218.151:80 58.171.38.26:80 59.120.5.154:80 62.15.36.103:443 62.75.143.100:7080 62.75.160.178:8080 63.248.198.8:80 68.174.15.223:80 68.183.170.114:8080 68.183.190.199:8080 68.187.160.28:443 69.163.33.84:8080 72.29.55.174:80 76.69.26.71:80 77.55.211.77:8080 79.7.114.1:80 79.7.158.208:80 80.11.158.65:8080 81.16.1.45:80 81.213.78.151:443 82.196.15.205:8080 82.8.232.51:80 83.165.78.227:80 85.105.241.192:80 86.123.138.76:80 86.42.166.147:80 87.106.46.107:8080 87.106.77.40:7080 89.211.114.203:80 91.117.159.233:80 91.205.215.57:7080 91.74.175.46:80 93.144.226.57:80 94.176.234.118:443 94.200.126.42:80 96.61.113.203:80 97.120.32.227:80 99.252.27.6:80 # Reference: https://twitter.com/DFNCERT/status/1218190294769971203 # Reference: https://app.any.run/tasks/59210c37-fda8-41a6-8ab1-0b2eee9d2145/ 68.172.243.146:80 # Reference: https://pastebin.com/iniJV48S 1.217.126.11:443 1.221.254.82:80 105.209.235.113:8080 106.248.79.174:80 110.142.161.90:80 110.2.118.164:80 112.186.195.176:80 114.179.127.48:80 122.116.104.238:7080 122.176.116.57:443 122.19.63.27:80 124.150.175.133:80 125.209.114.180:443 139.59.12.63:8080 14.161.30.33:443 142.93.87.198:8080 144.139.91.187:80 144.76.56.36:8080 149.202.153.251:8080 154.73.137.131:80 156.155.163.232:80 157.7.164.178:8081 158.69.167.246:8080 160.119.153.20:80 160.226.171.255:443 162.144.46.90:8080 163.172.107.70:8080 176.58.93.123:80 177.103.240.93:80 177.144.130.105:443 178.33.167.120:8080 179.5.118.12:8080 180.16.248.25:80 181.196.27.123:80 181.39.96.86:443 181.53.29.136:8080 182.176.116.139:995 183.82.123.60:443 183.87.40.21:8080 183.91.3.63:80 185.207.57.205:443 186.147.245.204:80 186.223.86.136:443 186.84.173.136:8080 187.177.155.123:990 187.72.47.161:443 188.251.213.180:443 190.17.94.108:443 190.171.153.139:80 190.201.144.85:7080 190.5.162.204:80 190.93.210.113:80 192.210.217.94:8080 192.241.220.183:8080 192.241.241.221:443 195.201.56.70:8080 196.6.119.137:80 197.94.32.129:8080 200.82.88.254:80 201.183.251.100:80 203.124.57.50:80 203.153.216.178:7080 211.20.154.102:80 211.229.116.130:80 212.112.113.235:80 212.129.14.27:8080 216.75.37.196:8080 220.247.70.174:80 23.253.207.142:8080 24.141.12.228:80 24.70.40.15:8080 37.46.129.215:8080 41.215.79.182:80 41.77.74.214:443 42.51.192.231:8080 46.17.6.116:8080 46.32.229.152:8080 5.178.245.100:80 5.196.200.208:8080 50.116.78.109:8080 51.38.134.203:8080 51.77.113.97:8080 58.185.224.18:80 58.92.179.55:443 59.135.126.129:443 60.130.173.117:80 60.152.212.149:80 61.204.119.188:443 61.221.152.140:80 67.254.196.78:443 69.14.208.221:80 70.45.30.28:80 72.27.212.209:8080 75.127.14.170:8080 75.86.6.174:80 76.11.76.47:80 76.185.136.132:80 76.87.58.38:80 77.74.78.80:443 78.101.95.172:80 78.186.102.195:80 78.188.170.128:80 78.189.165.52:8080 78.189.60.109:443 78.210.132.35:80 78.46.87.133:8080 80.211.32.88:8080 81.82.247.216:80 82.146.55.23:7080 82.165.15.188:8080 85.100.122.211:80 85.109.190.235:443 88.225.230.33:80 88.247.53.159:443 88.248.140.80:80 88.249.181.198:443 89.215.225.15:80 91.117.131.122:80 91.117.31.181:80 91.73.169.210:80 91.83.93.103:443 95.130.37.244:443 95.216.207.86:7080 95.9.217.200:8080 98.15.140.226:80 98.178.241.106:80 98.192.74.164:80 # Reference: https://app.any.run/tasks/9056d965-915a-498a-83bc-a750fc0389f2/ # Reference: https://www.virustotal.com/gui/ip-address/98.199.196.197/relations # Reference: https://www.virustotal.com/gui/ip-address/188.85.143.170/relations # Reference: https://www.virustotal.com/gui/ip-address/195.223.215.190/relations 98.199.196.197:80 188.85.143.170:80 195.223.215.190:80 testtaglabel.com/wp-includes/LqYA88863/ xishicanting.com/wp-admin/jIx/ # Reference: https://app.any.run/tasks/881f5580-7cee-4156-bc70-d9592d526345/ # Reference: https://www.virustotal.com/gui/ip-address/113.61.76.239/relations # Reference: https://www.virustotal.com/gui/ip-address/68.62.245.148/relations # Reference: https://www.virustotal.com/gui/ip-address/91.242.136.103/relations salman.vetkare.com/dashboard/ccABOH4/ 113.61.76.239:80 68.62.245.148:80 91.242.136.103:80 # Reference: https://twitter.com/Jouliok/status/1219952503032250368 # Reference: https://app.any.run/tasks/4092920b-325b-494e-b00e-edc0b494c2d8/ # Reference: https://www.virustotal.com/gui/ip-address/68.114.229.171/relations # Reference: https://www.virustotal.com/gui/ip-address/74.101.225.121/relations 68.114.229.171:80 74.101.225.121:80 74.101.225.121:443 # Reference: https://www.virustotal.com/gui/ip-address/72.186.137.156/relations 72.186.137.156:80 # Reference: https://www.virustotal.com/gui/ip-address/66.7.242.50/relations 66.7.242.50:80 66.7.242.50:8080 # Reference: https://twitter.com/gibbersen/status/1220405804106420225 186.177.165.196:443 # Reference: https://www.virustotal.com/gui/ip-address/177.103.157.126/relations 177.103.157.126:80 # Reference: https://app.any.run/tasks/effd2c56-edcc-4ae8-9643-7265de85ceea/ # Reference: https://app.any.run/tasks/8e35de27-f9d8-4d2f-bb83-7cad61d10e69/ 70.184.9.39:8080 108.6.140.26:80 207.180.227.229:8080 # Reference: https://pastebin.com/E2VjnVCx 167.71.10.37:8080 37.157.194.134:443 217.199.160.224:8080 192.241.255.77:8080 31.31.77.83:443 108.191.2.72:80 185.160.212.3:80 70.175.171.251:80 67.254.196.78:443 66.34.201.20:7080 37.46.129.215:8080 79.7.114.1:80 110.143.84.202:80 110.2.118.164:80 203.153.216.178:7080 45.8.136.201:80 217.12.70.226:80 190.17.94.108:443 82.165.15.188:8080 165.228.195.93:80 187.188.166.192:8080 181.231.220.232:80 98.156.206.153:80 173.21.26.90:80 200.55.53.7:80 91.117.159.233:80 110.142.161.90:443 173.66.96.135:80 47.153.183.211:80 41.60.200.34:80 98.30.113.161:80 79.159.249.152:80 189.203.177.41:443 190.117.226.104:80 70.169.53.234:80 91.73.169.210:80 200.82.88.254:80 85.105.241.192:80 27.109.153.201:8090 41.215.79.182:80 106.248.79.174:80 77.74.78.80:443 172.104.169.32:8080 91.250.96.22:8080 95.213.236.64:8080 66.7.242.50:8080 72.186.137.156:80 197.89.27.26:8080 115.95.6.218:443 61.204.119.188:443 70.123.95.180:80 201.236.135.104:443 61.37.31.243:80 189.159.112.237:8080 76.104.80.47:80 64.66.6.71:8080 115.65.111.148:443 104.131.44.150:8080 78.24.219.147:8080 92.222.216.44:8080 46.105.131.87:80 182.176.132.213:8090 211.63.71.72:8080 5.196.74.210:8080 104.236.246.93:8080 87.106.139.101:8080 87.106.136.232:8080 190.53.135.159:21 149.202.153.252:8080 62.75.187.192:8080 45.33.49.124:443 95.128.43.213:8080 159.65.25.128:8080 31.172.240.91:8080 201.184.105.242:443 59.103.164.174:80 104.131.11.150:8080 169.239.182.217:8080 217.160.182.191:8080 87.230.19.21:8080 176.58.93.123:80 192.241.220.183:8080 216.75.37.196:8080 95.216.207.86:7080 212.112.113.235:80 157.7.164.178:8081 51.38.134.203:8080 68.183.190.199:8080 178.79.163.131:8080 87.106.77.40:7080 62.75.143.100:7080 62.75.160.178:8080 203.25.159.3:8080 138.68.106.4:7080 149.62.173.247:8080 91.83.93.124:7080 212.71.237.140:8080 181.29.101.13:8080 185.86.148.222:8080 86.42.166.147:80 181.36.42.205:443 68.183.170.114:8080 119.59.124.163:8080 50.28.51.143:8080 82.196.15.205:8080 5.196.35.138:7080 46.28.111.142:7080 125.99.61.162:7080 151.80.142.33:80 91.205.215.57:7080 77.55.211.77:8080 109.169.86.13:8080 78.186.5.109:443 190.17.44.48:80 200.58.83.179:80 159.65.241.220:8080 186.15.83.52:8080 64.53.242.181:8080 70.45.30.28:80 149.202.153.251:8080 46.105.131.69:443 46.32.229.152:8080 89.32.150.160:8080 105.247.123.133:8080 41.185.29.128:8080 69.163.33.84:8080 45.79.95.107:443 23.253.207.142:8080 172.104.70.207:8080 201.213.32.59:80 211.229.116.130:80 183.102.238.69:465 142.93.87.198:8080 142.93.114.137:8080 207.154.204.40:8080 190.210.184.138:995 217.160.19.232:8080 187.177.155.123:990 50.116.78.109:8080 78.46.87.133:8080 46.17.6.116:8080 162.144.46.90:8080 212.129.14.27:8080 190.195.129.227:8090 203.130.0.69:80 209.97.168.52:8080 50.116.86.205:8080 182.176.116.139:995 206.189.112.148:8080 206.81.10.215:8080 190.186.164.23:80 186.68.48.204:443 191.103.76.34:443 50.63.13.135:8080 144.139.56.105:80 195.244.215.206:80 120.150.246.241:80 91.73.197.90:80 72.27.212.209:8080 190.12.119.180:443 201.183.251.100:80 190.5.162.204:80 108.179.206.219:8080 69.30.205.162:7080 210.111.160.220:80 192.210.217.94:8080 81.82.247.216:80 82.79.244.92:80 89.215.225.15:80 72.29.55.174:80 188.216.24.204:80 82.8.232.51:80 5.88.27.67:8080 87.106.46.107:8080 110.142.161.90:80 78.186.102.195:80 139.130.241.252:443 58.171.42.66:8080 210.6.85.121:80 201.173.217.124:443 98.15.140.226:80 41.77.74.214:443 91.117.31.181:80 85.109.190.235:443 209.141.54.221:8080 73.11.153.178:8080 68.174.15.223:80 2.42.173.240:80 47.156.70.145:80 175.127.140.68:80 139.59.12.63:8080 185.244.167.25:443 158.69.167.246:8080 42.51.192.231:8080 91.74.175.46:80 139.162.118.88:8080 37.120.185.153:443 192.241.146.84:8080 103.86.49.11:8080 94.200.114.162:80 47.6.15.79:80 47.6.15.79:443 91.117.131.122:80 177.103.240.93:80 179.13.185.19:80 190.220.19.82:443 88.247.26.78:80 82.146.55.23:7080 37.70.131.107:80 51.77.113.97:8080 113.61.76.239:80 80.11.158.65:8080 99.252.27.6:80 58.185.224.18:80 95.9.217.200:8080 85.152.174.56:80 2.237.76.249:80 91.205.215.66:443 69.14.208.221:80 156.155.163.232:80 185.192.75.240:443 190.100.153.162:443 188.135.15.49:80 85.67.10.190:80 177.144.130.105:443 189.19.81.181:443 2.45.112.134:80 195.223.215.190:80 151.237.36.220:80 121.88.5.176:443 160.16.215.66:8080 62.138.26.28:8080 120.151.135.224:80 178.237.139.83:8080 190.93.210.113:80 197.94.32.129:8080 112.186.195.176:80 191.183.21.190:80 175.114.178.83:443 93.144.226.57:80 58.171.38.26:80 37.187.6.63:8080 110.170.65.146:80 24.105.202.216:443 24.94.237.248:80 98.178.241.106:80 190.171.153.139:80 179.5.118.12:8080 177.242.21.126:80 190.210.236.139:80 200.123.183.137:443 202.62.39.111:80 114.109.179.60:80 113.190.254.245:80 181.10.204.106:80 85.100.122.211:80 78.189.165.52:8080 88.248.140.80:80 105.209.235.113:8080 95.130.37.244:443 45.73.157.243:8080 216.251.83.79:80 62.15.36.103:443 58.162.218.151:80 201.213.100.141:8080 14.201.35.38:80 94.200.126.42:80 59.120.5.154:80 79.7.158.208:80 120.150.247.164:80 188.218.104.226:80 200.82.170.231:80 177.103.159.44:80 189.201.197.98:8080 2.47.112.72:80 190.191.82.216:80 190.219.149.236:80 47.180.91.213:80 181.143.126.170:80 186.86.247.171:443 5.32.55.214:80 200.21.90.5:443 181.126.70.117:80 139.130.242.43:80 223.197.185.60:80 88.249.120.205:80 188.0.135.237:80 180.92.239.110:8080 178.153.176.124:80 190.55.181.54:443 200.116.145.225:443 60.231.217.199:8080 209.146.22.34:443 196.6.119.137:80 1.217.126.11:443 1.221.254.82:80 78.210.132.35:80 203.124.57.50:80 75.86.6.174:80 91.83.93.103:443 78.189.60.109:443 122.116.104.238:7080 144.139.91.187:80 181.196.27.123:80 183.87.40.21:8080 195.201.56.70:8080 188.251.213.180:443 192.241.241.221:443 160.119.153.20:80 14.161.30.33:443 187.72.47.161:443 181.30.61.163:80 186.15.52.123:80 81.213.78.151:443 204.225.249.100:7080 185.94.252.12:80 24.164.79.147:8080 190.117.126.169:80 221.165.123.72:80 37.187.72.193:8080 110.36.217.66:8080 190.146.205.227:8080 183.91.3.63:80 183.82.123.60:443 185.207.57.205:443 125.209.114.180:443 154.73.137.131:80 181.39.96.86:443 60.130.173.117:80 163.172.107.70:8080 5.196.200.208:8080 160.226.171.255:443 82.145.43.153:8080 61.221.152.140:80 122.176.116.57:443 75.127.14.170:8080 78.188.170.128:80 152.231.89.226:80 86.123.138.76:80 192.241.143.52:8080 76.69.26.71:80 200.45.187.90:80 181.167.96.215:80 181.129.96.162:990 81.16.1.45:80 94.176.234.118:443 177.239.160.121:80 78.189.180.107:80 201.229.45.222:8080 105.27.155.182:80 205.185.117.108:8080 62.75.141.82:80 186.147.245.204:80 60.152.212.149:80 88.247.53.159:443 70.184.69.146:80 186.177.165.196:443 139.47.135.215:80 129.205.201.163:80 151.231.7.154:80 78.142.114.69:80 24.141.12.228:80 76.11.76.47:80 220.247.70.174:80 24.196.49.98:80 93.147.141.5:443 72.189.57.105:80 73.239.11.159:80 82.152.149.79:80 186.200.205.170:80 68.172.243.146:80 64.40.250.5:80 101.187.134.207:8080 181.13.24.82:80 101.187.197.33:443 178.20.74.212:80 103.97.95.218:80 60.250.78.22:443 118.185.7.132:80 58.92.179.55:443 180.16.248.25:80 186.223.86.136:443 98.199.196.197:80 100.6.23.40:80 200.71.200.4:443 190.114.244.182:443 190.143.39.231:80 90.69.145.210:8080 101.187.237.217:80 98.192.74.164:80 59.135.126.129:443 24.70.40.15:8080 178.33.167.120:8080 144.76.56.36:8080 88.225.230.33:80 153.183.25.24:80 153.137.36.142:80 182.74.249.74:80 68.62.245.148:80 91.242.136.103:80 76.104.80.47:443 74.130.83.133:80 85.105.205.77:8080 87.81.51.125:80 202.175.121.202:8090 176.9.43.37:8080 5.199.130.105:7080 190.131.167.50:80 124.99.167.65:443 68.114.229.171:80 74.101.225.121:443 152.168.248.128:443 211.192.153.224:80 81.214.253.80:443 180.33.71.88:80 175.181.7.188:80 37.211.67.229:80 177.103.157.126:80 203.45.161.179:443 73.125.15.41:80 185.243.92.42:8080 75.114.235.105:80 78.101.70.199:443 42.200.226.58:80 45.55.65.123:8080 99.229.254.209:80 190.63.7.166:8080 81.214.142.115:80 186.138.186.74:443 190.24.243.186:80 175.139.209.3:8080 108.6.140.26:80 70.184.9.39:8080 222.144.13.169:80 189.212.199.126:443 72.176.87.136:80 150.246.246.238:80 202.229.211.95:80 # Reference: https://app.any.run/tasks/d5d42b37-39d3-4c1d-81f0-f6df25ae4bf9/ 195.250.143.182:80 rahatsozluk.com # Reference: https://app.any.run/tasks/78465443-f40b-48eb-a4ba-9189953a96a2/ 190.6.193.152:8080 200.69.224.73:80 # Reference: https://app.any.run/tasks/4d39b07f-4ea9-40ed-a379-e29bc6b924c0/ 71.197.197.100:80 24.167.122.146:8080 # Reference: https://app.any.run/tasks/fcc29969-14fe-40d0-b556-167453c0d7b1/ # Reference: https://www.virustotal.com/gui/ip-address/71.126.247.90/relations # Reference: https://www.virustotal.com/gui/ip-address/98.239.119.52/relations 104.236.28.47:8080 71.126.247.90:80 80.86.91.91:8080 98.239.119.52:80 # Reference: https://twitter.com/malwrhunterteam/status/1226219678579777536 193.26.217.243:443 45.79.223.161:443 # Reference: https://www.virustotal.com/gui/domain/movin.cloud/relations movin.cloud # Reference: https://twitter.com/VK_Intel/status/1229512005591207936 # Reference: https://www.virustotal.com/gui/file/2dfc4c92635a2a86c8d70dc0931547f183467038dd95c857d374bdcb107a7d6b/detection machunion.com/kajsdfogijoig # Reference: https://twitter.com/James_inthe_box/status/1229520603020873728 # Reference: https://app.any.run/tasks/19018714-6f35-4a7b-9aa7-5783f8bc208b/ mappingskills.com/msdlfkbdkfjb # Reference: https://app.any.run/tasks/e2544e05-649d-4ef4-8490-26d503c0cf69/ 72.44.93.233:8080 # Reference: https://otx.alienvault.com/pulse/5e4e6a0d94a95ceef6df9cec # Reference: https://www.virustotal.com/gui/ip-address/70.187.114.147/relations 70.187.114.147:80 91.205.215.10:7080 91.205.215.10:80 houloul.org usaa-unlock.net shabon.co usaa-unlock.com # Reference: https://app.any.run/tasks/edb01a6a-5e48-43f3-833a-e2fb000fbc31/ 66.209.97.122:8080 174.77.190.137:8080 # Reference: https://twitter.com/seguridadyredes/status/1234215349454876672/photo/1 # Reference: https://www.virustotal.com/gui/ip-address/51.77.113.102/relations http://51.77.113.102 # Reference: https://twitter.com/Bitterman59/status/1233487861082677249 arcelik.servisimerkezim.com # Reference: https://www.virustotal.com/gui/file/fa99feb493d26c540fa722f044930534417a92ddb9b3e3b994702416bce27f38/behavior/Dr.Web%20vxCube monodoze.com/wp-content/SSlWN/ smartelecttronix.com/wp-includes/pHtVW/ puntoprecisoapp.com/ypb/C3p/ puntoprecisoapp.com/fORZa/ypb/C3p/ tomsnyder.net/Factures/ed/ puntoprecisoapp.com/pSgNQ/ypb/C3p/ themauritiustour.com/9fuc5ls/oPkA/ puntoprecisoapp.com/NRXVg/ypb/C3p/ puntoprecisoapp.com/OQWRh/ypb/C3p/ # Reference: https://www.virustotal.com/gui/domain/blueombrehairstyle.site/relations blueombrehairstyle.site/wp-admin/WTwFtrmTPyVSnESPjOoYOLtaIc # Reference: https://www.virustotal.com/gui/file/8ef3a86989c9654cd7b0914ab743459ad98702ea960612c66e331f858a791eb0/behavior/Lastline uccn.bru.ac.th/wp-content/rfaa0u4/ # Reference: https://app.any.run/tasks/db8063d7-b17b-4d40-88f1-9b4212a48a97/ # Reference: https://www.virustotal.com/gui/ip-address/68.202.51.4/relations http://68.202.51.4 # Reference: https://blog.talosintelligence.com/2020/03/threat-roundup-0228-0306.html (# Win.Dropper.Emotet-7600941-0) # Reference: https://www.virustotal.com/gui/ip-address/104.32.141.43/relations # Reference: https://www.virustotal.com/gui/ip-address/181.61.224.26/relations # Reference: https://www.virustotal.com/gui/ip-address/189.201.197.106/relations # Reference: https://www.virustotal.com/gui/ip-address/212.174.57.124/relations # Reference: https://www.virustotal.com/gui/ip-address/216.75.37.196/relations # Reference: https://www.virustotal.com/gui/ip-address/74.105.51.75/relations # Reference: https://www.virustotal.com/gui/ip-address/89.108.158.234/relations http://104.32.141.43 http://181.61.224.26 http://189.201.197.106 http://216.75.37.196 http://212.174.57.124 http://74.105.51.75 http://89.108.158.234 189.201.197.106:8080 212.174.57.124:8080 74.105.51.75:8080 89.108.158.234:8080 # Reference: https://twitter.com/tosscoinwitcher/status/1237223974750191616 42.115.22.145:80 95.85.22.63:443 # Reference: https://twitter.com/tosscoinwitcher/status/1237067625106030594 # Reference: https://www.virustotal.com/gui/ip-address/104.236.52.89/relations http://104.236.52.89 104.236.52.89:8080 # Reference: https://twitter.com/tosscoinwitcher/status/1237469398740303873 # Reference: https://twitter.com/tosscoinwitcher/status/1237499336021299202 # Reference: https://www.virustotal.com/gui/ip-address/1.163.163.199/relations # Reference: https://www.virustotal.com/gui/file/ed58cad9049c6c4af8029a5f4d087857be4306bcc0b4b3739c74f6caf0a458c8/detection http://1.163.163.199 http://165.255.105.53 # Reference: https://paste.cryptolaemus.com/emotet/2020/03/12/emotet-c2-rsa-update-03-12-20-1.html 1.163.163.199:80 101.187.97.173:80 102.182.145.130:80 102.22.62.71:80 103.205.177.228:443 103.31.232.93:443 103.61.109.13:80 103.97.95.221:80 104.131.103.37:8080 104.131.11.150:443 104.131.41.185:8080 104.236.161.64:8080 104.238.80.237:8080 104.32.141.43:80 105.224.209.135:443 107.184.91.187:80 109.236.109.159:8080 110.145.124.178:443 110.145.77.103:80 110.37.226.196:80 110.44.113.2:8080 111.67.12.221:8080 112.68.240.21:80 113.160.180.109:80 113.160.235.179:8080 113.160.88.86:443 113.161.148.81:80 113.61.66.94:80 115.65.111.148:80 115.75.6.2:443 115.79.195.246:80 116.73.14.186:80 116.90.228.177:80 116.90.229.22:80 117.2.133.44:443 117.7.236.115:80 118.200.116.83:80 118.69.70.109:80 118.69.71.14:80 12.162.84.2:8080 120.150.142.241:80 120.150.76.215:80 120.151.194.117:80 122.116.104.238:8080 124.150.175.133:443 125.63.106.22:80 130.204.245.137:80 132.248.38.158:80 133.208.252.149:80 136.243.205.112:7080 14.141.203.150:80 14.161.6.60:80 143.0.87.101:80 148.102.77.148:80 152.169.32.195:80 152.170.108.99:443 152.170.196.157:443 152.32.78.6:80 153.160.71.129:53 153.174.73.130:80 154.120.227.190:20 154.120.227.190:80 156.67.114.199:80 161.18.233.114:80 162.255.112.157:443 163.53.180.227:80 164.77.130.222:80 164.77.131.165:80 165.255.105.53:80 168.235.67.138:7080 173.66.242.48:80 173.79.107.84:80 177.139.131.143:443 177.144.135.2:80 177.188.121.26:443 177.6.166.4:80 177.66.190.130:80 177.72.13.80:80 178.62.75.204:8080 179.184.65.222:80 179.232.65.117:80 179.5.118.12:80 181.122.172.67:8080 181.13.24.83:443 181.16.18.72:8080 181.164.25.59:80 181.167.53.79:443 181.225.24.251:80 181.230.116.163:80 181.31.211.181:80 181.54.182.135:80 181.56.163.152:80 181.60.247.8:443 181.61.224.26:80 182.71.222.187:80 182.73.199.226:8080 183.131.156.10:7080 183.91.15.80:8080 185.135.109.128:80 185.155.20.82:80 185.160.212.5:80 185.94.252.104:443 185.94.252.27:443 186.10.92.114:80 186.138.210.130:80 186.167.16.242:80 186.189.228.84:80 186.3.185.206:80 186.3.232.68:80 186.33.141.88:80 187.162.250.23:80 187.188.163.98:80 187.212.208.8:8080 187.241.28.114:80 187.51.47.26:80 189.1.185.248:80 189.14.80.194:443 189.220.246.167:80 189.42.145.34:80 190.111.215.3:8080 190.117.226.104:443 190.128.90.22:80 190.13.215.114:80 190.147.137.153:443 190.17.195.202:80 190.190.134.145:80 190.190.26.188:80 190.194.151.145:80 190.2.31.172:80 190.247.9.40:443 190.57.130.142:443 190.79.103.57:80 195.82.165.181:20 197.94.32.129:20 198.211.121.27:8080 198.58.119.85:8080 199.83.161.218:80 200.108.250.176:80 200.116.191.114:80 200.123.150.89:443 200.123.183.137:80 200.41.121.90:80 200.58.180.130:80 200.7.243.109:443 200.85.110.240:8080 201.155.204.151:80 201.17.193.151:443 202.175.121.202:8443 202.52.247.178:80 203.122.18.234:8080 203.153.216.182:7080 210.56.10.58:80 211.184.5.163:443 211.20.154.102:443 212.174.19.87:80 216.132.25.162:80 220.128.125.18:80 220.132.16.114:80 220.210.163.76:80 23.92.16.164:8080 24.196.13.216:80 24.249.73.48:80 31.146.61.34:80 37.139.21.175:8080 37.208.106.146:8080 37.222.74.104:8080 42.200.178.117:80 42.200.191.247:80 45.55.179.121:8080 47.146.123.171:80 47.156.64.4:80 49.204.68.26:20 5.32.84.54:80 5.39.91.110:7080 5.45.108.146:8080 50.35.17.13:80 54.39.177.43:80 54.39.187.202:443 58.177.172.160:80 59.120.74.106:80 59.20.65.102:80 60.142.249.243:80 61.92.159.208:8080 62.84.75.50:80 64.66.6.71:20 68.183.18.169:8080 70.32.115.157:8080 71.10.114.255:80 71.222.157.155:80 72.10.33.195:8080 72.202.237.228:80 72.231.228.196:80 72.47.248.48:7080 74.130.137.231:80 74.208.45.104:8080 75.133.26.185:80 77.69.8.132:7080 77.90.136.129:8080 79.99.107.130:443 81.215.14.128:80 83.169.21.32:7080 87.252.100.28:80 89.19.20.202:443 90.79.26.91:8080 91.219.169.180:80 91.231.166.124:8080 91.236.4.234:443 91.242.138.11:80 93.114.205.169:80 93.123.22.241:80 93.147.157.195:80 93.51.50.171:8080 94.206.82.254:443 94.76.247.61:8080 95.9.95.101:80 # Reference: https://paste.cryptolaemus.com/emotet/2020/03/30/emotet-c2-rsa-update-03-30-20-1.html 104.182.56.131:443 109.73.110.33:80 110.143.8.89:80 110.37.226.196:443 113.160.130.116:8443 113.161.147.51:80 117.4.120.226:8080 118.70.126.251:443 134.19.217.180:80 149.135.10.19:80 168.197.252.178:80 177.0.241.28:80 177.139.128.221:80 177.230.81.0:22 177.73.3.204:80 179.62.26.236:80 180.222.165.169:80 181.164.215.193:80 181.176.191.27:443 181.228.91.247:443 184.57.130.8:80 186.176.228.2:80 186.208.123.210:443 186.80.169.128:80 187.162.248.237:80 188.129.197.149:80 188.251.213.180:8080 189.154.68.123:143 189.160.15.202:465 189.168.169.129:80 189.253.255.142:80 190.147.165.160:465 190.16.142.187:80 190.160.53.126:80 190.181.235.46:80 190.244.125.144:80 190.251.235.239:80 190.47.227.130:443 2.28.113.59:80 2.47.112.152:80 200.126.237.113:80 200.73.228.225:80 201.214.229.79:80 212.156.219.6:8080 213.243.211.114:80 24.179.13.119:80 24.194.252.25:80 37.210.228.23:80 41.169.20.147:80 41.203.62.170:80 45.118.136.92:8080 45.161.242.102:80 46.35.75.225:8080 47.150.248.161:80 49.176.162.90:80 60.117.26.28:80 61.197.37.169:80 67.20.141.76:80 68.115.64.219:80 68.203.213.226:80 73.155.126.84:80 73.176.10.71:80 80.102.134.174:8080 81.169.202.3:443 82.240.207.95:443 84.9.167.76:80 88.247.144.128:80 91.73.223.130:80 95.7.221.205:80 # Reference: https://paste.cryptolaemus.com/emotet/2020/04/01/emotet-c2-rsa-update-04-01-20-1.html 189.134.47.51:443 101.187.104.105:80 60.53.206.244:80 70.180.44.93:80 221.133.46.86:443 88.244.56.219:80 201.91.28.210:80 46.214.11.172:80 65.24.85.214:80 190.108.228.62:8080 124.150.175.133:8080 170.82.195.50:80 # Reference: https://twitter.com/ScumBots/status/1238427161482211328 # Reference: https://www.virustotal.com/gui/ip-address/77.72.131.69/relations 77.72.131.69:442 77.72.131.69:8080 # Reference: https://twitter.com/sysopfb/status/1245787828300234752 # Reference: https://www.virustotal.com/gui/ip-address/23.95.238.106/relations http://23.95.238.106 # Reference: https://www.virustotal.com/gui/file/761287c60d47505b6d4bd079b49dd1ce3376217737c3aff8fd3daecdcc618e3f/behavior/Dr.Web%20vxCube # Reference: https://www.virustotal.com/gui/file/e3b41c0d0834c0d5b121012fe9219529afaed899420d99bd3dba11f2c0a8810b/behavior/Dr.Web%20vxCube # Reference: https://www.virustotal.com/gui/file/694bd6a04735b30d42ed40af026496ee1b77ce332c6570985a88358c82630d01/behavior/Dr.Web%20vxCube 197.87.130.229:8080 216.137.249.154:80 106.243.65.250:443 98.191.228.168:990 # Reference: https://www.virustotal.com/gui/ip-address/118.167.155.233/relations http://118.167.155.233 # Reference: https://paste.cryptolaemus.com/emotet/2020/04/06/emotet-c2-rsa-update-04-06-20-1.html 152.170.222.65:80 84.79.142.51:8080 94.130.171.231:8080 113.52.123.226:7080 95.180.25.146:80 82.223.70.24:8080 186.188.152.177:80 179.127.59.210:443 91.73.197.186:80 137.25.7.112:8080 181.30.69.50:80 190.229.148.144:80 176.111.60.55:8080 209.151.248.242:8080 142.105.151.124:443 # Reference: https://paste.cryptolaemus.com/emotet/2020/04/07/emotet-c2-rsa-update-04-07-20-1.html 201.213.100.141:443 87.127.197.7:8080 189.160.234.67:80 201.231.87.82:80 # Reference: https://paste.cryptolaemus.com/emotet/2020/04/13/emotet-c2-rsa-update-04-13-20-1.html 67.235.68.222:80 110.145.101.66:443 93.147.137.162:80 137.59.187.107:8080 190.161.45.112:80 46.30.175.11:80 152.231.123.2:80 70.48.238.90:80 189.154.128.205:80 170.81.48.2:80 220.213.79.166:443 190.196.143.58:80 60.53.197.6:80 177.38.15.151:80 # Reference: https://paste.cryptolaemus.com/emotet/2020/04/20/emotet-c2-rsa-update-04-20-20-1.html 68.44.137.144:443 114.145.241.208:80 # Reference: https://paste.cryptolaemus.com/emotet/2020/04/30/emotet-c2-rsa-update-04-30-20-1.html 196.179.249.218:8080 85.94.81.18:80 193.80.169.64:80 78.12.27.172:80 132.255.227.134:80 # Reference: https://www.virustotal.com/gui/ip-address/103.38.12.139/relations 103.38.12.139:443 103.38.12.139:80 # Reference: https://paste.cryptolaemus.com/emotet/2020/05/04/emotet-c2-rsa-update-05-04-20-1.html 195.76.232.114:80 85.94.170.73:80 186.188.222.3:80 # Reference: https://paste.cryptolaemus.com/emotet/2020/05/11/emotet-c2-rsa-update-05-11-20-1.html 103.83.81.141:8080 95.216.118.202:8080 84.21.179.51:80 # Reference: https://paste.cryptolaemus.com/emotet/2020/05/25/emotet-c2-rsa-update-05-25-20-1.html 162.154.38.103:80 186.226.226.116:80 181.92.244.156:80 41.215.92.157:80 190.47.227.130:80 213.60.96.117:80 79.45.112.220:80 153.133.224.78:80 140.207.113.106:443 # Reference: https://paste.cryptolaemus.com/emotet/2020/06/01/emotet-c2-rsa-update-06-01-20-1.html 190.163.1.31:8080 190.19.169.69:443 190.144.18.198:80 # Reference: https://paste.cryptolaemus.com/emotet/2020/06/15/emotet-c2-rsa-update-06-15-20-1.html 121.124.124.40:7080 24.1.189.87:8080 46.105.131.79:8080 186.223.86.132:443 207.255.37.143:80 37.210.166.214:80 75.139.38.211:80 153.126.210.205:7080 # Reference: https://paste.cryptolaemus.com/emotet/2020/06/22/emotet-c2-rsa-update-06-22-20-1.html 190.111.215.4:8080 200.83.209.144:80 80.249.176.206:80 173.91.22.41:80 # Reference: https://paste.cryptolaemus.com/emotet/2020/06/26/emotet-c2-rsa-update-06-26-20-1.html 46.49.124.53:80 # Reference: https://paste.cryptolaemus.com/emotet/2020/07/06/emotet-c2-rsa-update-07-06-20-1.html 190.108.228.62:443 190.55.233.156:80 178.153.214.228:80 14.99.112.138:80 203.153.216.189:7080 61.19.246.238:443 41.169.20.147:8090 181.164.110.7:80 88.235.222.255:80 212.51.142.238:8080 91.211.88.52:7080 181.120.79.227:80 93.156.165.186:80 108.48.41.69:80 64.88.202.250:80 190.194.242.254:443 200.55.243.138:8080 217.13.106.14:8080 51.38.201.19:7080 81.2.235.111:8080 110.143.151.194:80 222.214.218.37:4143 139.59.60.244:8080 116.203.32.252:8080 186.250.52.226:8080 219.92.13.25:80 181.230.65.232:80 189.218.165.63:80 79.98.24.39:8080 # Reference: https://paste.cryptolaemus.com/emotet/2020/07/14/emotet-c2-rsa-update-07-14-20-1.html 217.199.160.224:7080 186.70.127.199:8090 137.74.106.111:7080 109.117.53.230:443 109.74.5.95:8080 198.27.69.201:8080 58.153.68.176:80 181.129.96.162:8080 210.165.156.91:80 87.106.231.60:8080 181.134.9.162:80 104.247.221.104:443 95.179.229.244:8080 157.245.99.39:8080 # Reference: https://paste.cryptolaemus.com/emotet/2020/07/20/emotet-c2-rsa-update-07-20-20-1.html 157.7.199.53:8080 124.45.106.173:443 74.207.230.187:8080 201.212.78.182:80 # Reference: https://www.virustotal.com/gui/file/a157a594207a18ada06373850abfce851648ff92ecf590b4539504ccd53c1354/detection 51.68.220.244:8080 # Reference: https://www.virustotal.com/gui/file/7aa1e0b8e78c3e0fd34f19b7398342d98216979a5a1ee19a5b89f83e4ce0fbbf/behavior/Dr.Web%20vxCube # Reference: https://www.virustotal.com/gui/file/1514389b50f6fb2be1712fa470e2b5c9a7455697bc029ca211f944d8d3907228/detection # Reference: https://www.virustotal.com/gui/file/dc4fa229a83ac9689fbbe7494d408c0806a769af5008df4ae6975b9e89a0c35f/behavior/Dr.Web%20vxCube tan-shuai.com/wp-content/9j34284/ raioz.com/img/qngig44/ raybo.net/bemcadd/7307/ avendtla.com/tcuv/pd27/ # Reference: https://twitter.com/58_158_177_102/status/1284138503127699458 109.117.53.230:443 tri-comma.com/wp-admin/MmD/ # Reference: https://blog.malwarebytes.com/trojans/2020/07/long-dreaded-emotet-has-returned/ 178.210.171.15:443 190.160.53.126:443 212.51.142.238:443 # Reference: https://blog.malwarebytes.com/trojans/2020/07/long-dreaded-emotet-has-returned/ # Reference: https://app.any.run/tasks/765ea589-8b55-4031-818e-521840513ed2/ http://201.212.78.182 74.207.230.187:8080 # Reference: https://twitter.com/malware_traffic/status/1285664072814538753 124.45.106.173:443 198.144.158.120:443 # Reference: https://paste.cryptolaemus.com/emotet/2020/07/28/emotet-malware-IoCs_07-28-20.html 190.164.75.175:80 212.231.60.98:80 76.27.179.47:80 70.167.215.250:8080 47.153.182.47:80 187.106.41.99:80 88.217.172.65:443 177.37.81.212:443 24.234.133.205:80 181.143.101.19:8080 177.75.143.112:443 78.189.111.208:443 67.225.201.19:8080 23.111.136.190:8080 181.113.229.139:443 195.14.0.12:8080 71.208.216.10:80 192.95.4.184:8080 201.214.108.231:80 209.182.216.177:443 179.60.229.168:443 95.9.185.228:443 212.156.133.218:80 177.73.0.98:443 83.110.223.58:443 24.43.99.75:80 71.50.31.38:80 191.182.6.118:80 144.139.91.187:443 190.163.31.26:80 189.1.185.98:8080 189.146.1.78:443 191.99.160.58:80 105.209.239.55:80 177.74.228.34:80 190.96.118.251:443 24.157.25.203:80 195.159.28.229:7080 # Reference: https://paste.cryptolaemus.com/emotet/2020/08/31/emotet-malware-IoCs_08-31-20.html 58.171.153.81:80 72.135.200.124:80 190.128.173.10:80 157.245.138.101:7080 194.187.133.160:443 188.2.217.94:80 190.136.179.102:80 95.9.180.128:80 137.119.36.33:80 190.225.150.234:80 178.148.55.236:8080 70.121.172.89:80 94.200.114.161:80 24.148.98.177:80 50.81.3.113:80 67.68.210.95:80 85.109.159.61:443 107.161.30.122:8080 206.15.68.237:443 24.135.1.177:80 2.144.244.204:443 200.114.213.233:8080 186.103.141.250:443 45.182.161.17:80 139.162.108.71:8080 86.98.143.163:80 93.147.212.206:80 174.100.27.229:80 210.1.219.238:80 172.105.78.244:8080 115.78.11.155:80 179.62.238.49:80 118.101.24.148:80 73.213.208.163:80 153.232.188.106:80 173.94.215.84:80 45.173.88.33:80 37.187.100.220:7080 98.109.204.230:80 162.249.220.190:80 219.92.8.17:8080 77.238.212.227:80 190.190.15.20:80 174.45.13.118:80 162.241.242.173:8080 5.79.70.250:8080 209.236.123.42:8080 82.76.111.249:443 87.106.225.180:8080 62.30.7.67:443 222.159.240.58:80 138.97.60.141:7080 190.53.144.120:80 199.203.62.165:80 24.137.76.62:80 216.208.76.186:80 74.109.108.202:80 189.39.32.161:80 220.254.198.228:443 152.169.22.67:80 112.185.64.233:80 197.232.36.108:80 95.216.205.155:8080 185.86.148.68:443 190.190.148.27:8080 174.102.48.180:443 88.217.172.165:8080 89.205.113.80:80 65.36.62.20:80 175.29.183.2:80 81.4.105.175:8080 45.55.82.2:8080 85.66.181.138:80 68.183.233.80:8080 201.235.10.215:80 197.221.158.162:80 190.55.186.229:80 113.203.250.121:443 216.10.40.16:80 181.122.154.240:80 37.70.8.161:80 51.255.40.241:443 198.57.203.63:8080 45.33.77.42:8080 189.2.177.210:443 82.239.200.118:80 181.137.229.1:80 91.121.54.71:8080 60.125.114.64:443 173.81.218.65:80 45.55.36.51:443 67.247.242.247:80 37.52.87.0:80 81.17.93.134:80 68.171.118.7:80 178.250.54.208:8080 103.106.236.83:8080 71.57.180.213:80 120.150.60.189:80 212.174.55.22:443 64.201.88.132:80 213.197.182.158:8080 168.0.97.6:80 174.137.65.18:80 103.80.51.61:8080 187.161.206.24:80 45.16.226.117:443 186.227.146.102:80 189.131.57.131:80 94.23.237.171:443 185.208.226.142:8080 107.5.122.110:80 68.188.112.97:80 159.65.222.75:8080 84.39.182.7:80 177.94.227.143:80 175.139.144.229:8080 110.142.219.51:80 151.236.60.57:8080 139.99.158.11:443 # Reference: https://www.virustotal.com/gui/file/9b5ffb189c00d8a536848736e9cba2d4a71f8fba6f97d11867d677886b4a23e4/detection http://47.146.117.214 # Reference: https://www.virustotal.com/gui/domain/foroanticorrupcion.sytes.net/relations foroanticorrupcion.sytes.net # Reference: https://www.virustotal.com/gui/file/6bdcbed80061d3b58f17759a2b932809c060a9a8b399dc92ee658ec5efd2d000/detection # Reference: https://www.virustotal.com/gui/domain/deactivate.pw/relations deactivate.best deactivate.pw # Reference: https://twitter.com/malware_traffic/status/1291168989108998146 204.197.146.48:80 # Reference: https://twitter.com/satontonton/status/1291723797528076290 # Reference: https://app.any.run/tasks/eb656a74-c0ba-4811-98e1-38a8cefaa70f/ http://47.146.32.175 # Reference: https://www.virustotal.com/gui/file/50d58ca2623e7fbbe3265bd78640c81fc3cb01a146c5630f656a18fc27e93c5e/detection 185.45.193.62:8080 216.239.32.21:443 # Reference: https://www.virustotal.com/gui/file/62fe71ddde725e4599889009d466a79b0de683d98a8490979b357732c18b79c6/detection 216.239.34.21:443 # Reference: https://www.virustotal.com/gui/file/7ece6173931237b004f4d24c8bd5ff5808a310f35fd6e630d04272f1e1f4c30e/detection http://24.249.135.121 # Reference: https://www.virustotal.com/gui/file/7c430fa3421e2ea8b9013a4b2d488c721f01245a353a6e93c9f57a99b99a1324/detection http://198.57.203.63 http://78.189.60.109 # Reference: https://app.any.run/tasks/7e3113be-372a-40f7-9cde-6f32fa94d03a/ http://74.120.55.163 # Reference: https://twitter.com/papa_anniekey/status/1293103714136281095 focus123.mycpanel.rs # Reference: https://app.any.run/tasks/412a6dce-5520-4e9e-8254-d42c0fff1bd2/ http://95.9.180.128 # Reference: https://app.any.run/tasks/13508623-0e52-4928-b905-46dc7a7ae037/ http://92.24.51.238 139.99.157.213:8080 # Reference: https://pastebin.com/raw/BPTTq6GH 107.185.211.16:80 96.8.113.4:8080 153.126.210.205:7080 47.146.117.214:80 104.131.44.150:8080 169.239.182.217:8080 95.179.229.244:8080 209.182.216.177:443 209.141.54.221:8080 5.196.74.210:8080 72.12.127.184:443 104.131.11.150:443 200.55.243.138:8080 116.203.32.252:8080 142.105.151.124:443 81.2.235.111:8080 74.120.55.163:80 167.86.90.214:8080 87.106.139.101:8080 37.139.21.175:8080 189.212.199.126:443 103.86.49.11:8080 203.153.216.189:7080 181.211.11.242:80 37.187.72.193:8080 41.60.200.34:80 139.130.242.43:80 181.230.116.163:80 109.74.5.95:8080 121.124.124.40:7080 114.146.222.200:80 157.245.99.39:8080 76.27.179.47:80 62.138.26.28:8080 24.43.99.75:80 93.51.50.171:8080 157.147.76.151:80 83.110.223.58:443 46.105.131.79:8080 119.198.40.179:80 79.98.24.39:8080 176.111.60.55:8080 190.160.53.126:80 183.101.175.193:80 104.236.246.93:8080 5.39.91.110:7080 74.208.45.104:8080 24.179.13.119:80 78.24.219.147:8080 50.116.86.205:8080 200.41.121.90:80 190.55.181.54:443 201.173.217.124:443 85.152.162.105:80 137.59.187.107:8080 152.168.248.128:443 95.213.236.64:8080 222.214.218.37:4143 47.146.32.175:80 110.145.77.103:80 70.167.215.250:8080 173.62.217.22:443 47.144.21.12:443 165.165.171.160:8080 62.75.141.82:80 47.153.182.47:80 87.106.136.232:8080 113.160.130.116:8443 185.94.252.104:443 168.235.67.138:7080 91.211.88.52:7080 204.197.146.48:80 180.92.239.110:8080 61.19.246.238:443 139.59.60.244:8080 # Reference: https://app.any.run/tasks/0a4c6780-43d1-4f2d-bc61-e2c74d604fc7/ http://174.102.48.180 # Reference: https://app.any.run/tasks/f8998e16-9781-4289-bd0f-fc346107935c/ http://176.216.226.44 # Reference: https://www.virustotal.com/gui/file/2cc2799a0f649e3f0d8bbfccd7f693a37a5a8def9094ae3f686169513d1d9ea7/detection 159.203.232.29:8080 # Reference: https://pastebin.com/raw/FUr39rYd 109.116.214.124:443 114.173.201.110:80 176.216.226.44:80 177.32.8.85:80 188.83.220.2:443 190.212.140.6:80 192.210.135.126:8080 197.83.232.19:80 201.213.177.139:80 203.117.253.142:80 207.144.103.227:80 212.93.117.170:80 24.233.112.152:80 51.75.33.120:8080 66.61.94.36:80 67.205.85.243:8080 69.30.203.214:8080 83.169.36.251:8080 85.105.140.135:443 88.217.172.164:443 91.222.77.105:80 97.82.79.83:80 # Reference: https://www.virustotal.com/gui/file/97095bd460f1f5204b572cd269f8c3a3e7e73302bcbaac05b3c0b106e2342f47/detection 201.171.150.41:443 219.240.39.215:443 81.198.69.61:80 94.76.247.61:8080 # Reference: https://www.virustotal.com/gui/file/e221dda5e172df72a7b9b605d2ffff5043219a3980adb5102825ee97e75ff423/detection 213.176.36.147:8080 # Reference: https://www.virustotal.com/gui/file/79fe6e1db7b6d43c9d290ccbfcc0d81127d7d366451e5c04c09980ffd352e388/detection http://47.146.32.175 # Reference: https://www.virustotal.com/gui/file/3813928dd0bac12320f38a077ff89695a08c2b334b3d57fd37130ae2040b3842/detection http://24.233.112.152 # Reference: https://app.any.run/tasks/ca298aef-0237-4f4c-9d4c-16e9ffa8d995/ http://186.109.104.67 # Reference: https://app.any.run/tasks/33208f2a-b475-4c87-a901-2c5ffc9931a1/ http://45.173.88.33 # Reference: https://app.any.run/tasks/dc65776b-ff73-45ee-89c4-34189aaafe80/ http://182.176.95.147 172.96.190.154:8080 # Reference: https://app.any.run/tasks/4ba4ab9b-664c-4817-b84b-a51f891637af/ http://82.163.245.38 # Reference: https://app.any.run/tasks/91f5641c-18d1-42b1-ba94-57a3aab3241b/ 116.202.234.183:8080 # Reference: https://app.any.run/tasks/0b1c53d6-f7a2-4d10-964d-2d416abf2537/ http://162.249.220.190 # Reference: https://www.virustotal.com/gui/file/3eea9f7afe639ed32775963d6fae0261bd31b0927a8d21eb9cbcaadfe7633ae4/detection poonamjoshi.com # Reference: https://twitter.com/papa_anniekey/status/1289005683581435904 microclan.com # Reference: https://app.any.run/tasks/9bc263f3-d30b-466c-9a9f-95121bd5606d/ http://94.49.254.194 # Reference: https://twitter.com/Jan0fficial/status/1297864705504092161 mj-web.dk # Reference: https://twitter.com/Circuitous__/status/1298324692214919170 smileplz.com # Reference: https://twitter.com/yungmay0/status/1298374886499508225 # Reference: https://app.any.run/tasks/6f234b9c-35dd-4659-be3c-f6ee6a6b1567/ pelayoacctg.org.ph quanticaelectronics.com # Reference: https://app.any.run/tasks/3f4cb411-b57f-4535-bf97-0123144a4081/ http://107.5.122.110 45.55.219.163:443 # Reference: https://app.any.run/tasks/7111f9b9-5357-4a91-850c-3471d257a016/ 65.156.53.186:8080 # Reference: https://app.any.run/tasks/191b2189-4ab8-4085-a457-2b1e2aaf3dbc/ 71.197.211.156:80 # Reference: https://github.com/pan-unit42/tweets/blob/master/2020-08-25-IOCs-for-Emotet-with-Trickbot.txt 185.81.158.15:8080 grzegorzkucharski.com karaz-sd.com king61tours.com # Reference: https://twitter.com/seguridadyredes/status/1298903561724669952 http://176.10.250.88 # Reference: https://app.any.run/tasks/0c98e26c-ad79-46e3-b603-cd4f36470c69/ http://98.13.75.196 # Reference: https://pastebin.com/raw/QUeZ8m10 112.78.142.170:80 134.209.193.138:443 162.144.42.60:8080 172.91.208.86:80 184.66.18.83:80 188.219.31.12:80 190.96.15.50:80 207.144.103.227:80 212.93.117.170:80 217.199.160.224:8080 24.26.151.3:80 37.205.9.252:7080 54.38.143.245:8080 65.156.53.186:8080 72.167.223.217:8080 73.116.193.136:80 78.189.60.109:443 86.57.216.23:80 91.75.75.46:80 93.51.50.171:8080 98.13.75.196:80 # Reference: https://blog.talosintelligence.com/2020/08/threat-roundup-0821-0827.html (# Doc.Downloader.Emotet-9412146-0) abcofcricket.com reliancectg.com # Reference: https://www.virustotal.com/gui/file/b59c25c29ded7dad9f0015a8ae0101c845220fc92ac6e0ecbc1c4ceaed70ac18/detection http://173.94.215.84 # Reference: https://twitter.com/Cryptolaemus1/status/1300488497376243712 142.44.137.67:443 # Reference: https://app.any.run/tasks/d9a26e5e-6940-4e71-9c3b-670395fcbe7d/ http://210.1.219.238 # Reference: https://www.virustotal.com/gui/file/05d96fd627d3c6cc52fa1932fd991c983589c0c9acabdac750639eb415203d46/detection 5.56.132.177:8080 93.115.23.115:8080 # Reference: https://app.any.run/tasks/95575a4a-0aeb-49ba-8fa3-149302fde1d9/ http://118.2.218.1 # Reference: https://app.any.run/tasks/27d34ee4-c459-4580-8616-e0fc34a7ddff/ tomssteakhouse.com/wp-includes/ /BWQwW/ # Reference: https://app.any.run/tasks/d57d3def-5cb3-443a-a27d-08fdb95276a3/ qstride.com/img/0/ /FrbJX7FPH/ /HxFvQLG60ICjqj/ # Reference: https://app.any.run/tasks/48ffbd45-913c-4998-9830-ed73775f6e3d/ vidriodecoracion.com/wp-admin/ vanbrast.com/bleech/ /CC2BJDZl0/ /x6KkTJVFA/ /4oy05GSOX/ # Reference: https://app.any.run/tasks/c600b9fd-e9ed-476b-9882-2a396f839313/ vuatritue.com/wp-admin/ /2sRxZP6U/ # Reference: https://app.any.run/tasks/44089aba-65fe-4bb7-a42d-2e4fb6ae3861/ # Reference: https://tria.ge/200828-g57747h5fn/behavioral1 sitecgps.com # Reference: https://twitter.com/James_inthe_box/status/1305445833903546369 # Reference: https://app.any.run/tasks/777df841-2292-45e7-aff2-9e37ac1e1c25/ http://50.91.114.38 # Reference: https://paste.cryptolaemus.com/emotet/2020/09/15/emotet-malware-IoCs_09-15-20.html 36.91.44.183:80 180.26.62.115:443 45.46.37.97:80 182.253.83.234:7080 113.156.82.32:80 185.183.16.47:80 134.209.36.254:8080 79.137.83.50:443 41.212.89.128:80 113.160.248.110:80 82.118.225.196:7080 220.147.247.145:80 41.84.243.145:80 68.69.155.181:80 115.176.16.221:80 126.126.139.26:443 219.94.242.134:8080 195.251.213.56:80 159.65.140.182:80 118.163.97.19:8080 8.4.9.137:8080 92.24.50.153:80 58.27.215.3:8080 111.67.77.202:8080 104.156.59.7:8080 38.88.126.202:8080 202.188.218.82:80 94.23.216.33:80 219.74.18.66:443 50.121.220.50:80 61.92.17.12:80 202.153.220.157:80 185.178.10.77:80 78.47.87.196:8080 190.101.48.116:80 167.71.227.113:8080 216.47.196.104:80 5.189.182.214:8080 110.5.16.198:80 200.120.241.238:80 82.80.155.43:80 190.85.46.52:7080 54.38.143.246:7080 54.37.42.48:8080 220.109.145.69:80 49.243.9.118:80 156.155.166.221:80 51.38.237.230:8080 187.189.66.200:8080 62.210.90.75:443 181.169.34.190:80 50.91.114.38:80 45.177.120.37:8080 167.114.122.37:80 82.225.49.121:80 75.80.124.4:80 189.160.188.97:80 67.121.104.51:20 116.202.10.123:8080 103.229.73.17:8080 124.41.215.226:80 145.239.169.32:7080 103.80.51.122:8080 5.39.79.163:7080 117.247.235.44:80 82.230.1.24:80 162.214.68.171:8080 121.7.127.163:80 144.91.127.82:8080 89.216.122.92:80 145.239.64.167:8081 96.227.52.8:443 45.230.228.26:443 182.227.240.189:443 96.245.123.149:80 213.196.135.145:80 45.79.16.230:7080 74.136.144.133:80 61.197.92.216:80 88.247.58.26:80 113.193.239.51:443 2.144.244.204:80 155.186.0.121:80 78.187.156.31:80 80.200.62.81:20 190.194.12.132:80 138.201.45.2:8080 74.58.215.226:80 77.106.157.34:8080 51.38.124.206:80 139.59.67.118:443 74.134.41.124:80 42.200.107.142:80 51.89.139.219:8081 76.18.16.210:80 181.95.133.104:80 120.51.34.254:80 89.248.250.44:8080 223.133.20.171:80 128.106.187.110:80 119.92.77.17:80 79.133.6.236:8080 185.215.227.107:443 223.17.215.76:80 5.189.178.202:8080 37.210.220.95:80 80.86.81.31:4143 153.177.101.120:443 103.48.68.173:80 220.245.198.194:80 202.166.170.43:80 221.184.46.216:80 140.186.212.146:80 78.249.119.122:80 78.114.175.216:80 120.138.30.150:8080 104.236.168.190:7080 95.215.46.191:8080 94.1.108.190:443 103.133.66.57:443 37.48.84.223:8080 189.150.209.206:80 # Reference: https://github.com/MBThreatIntel/malspam/blob/master/Emotet_2020-09-25.txt 104.131.103.37:8080 104.131.41.185:8080 110.142.219.51:80 111.67.12.221:8080 111.67.77.202:8080 114.158.45.53:80 12.162.84.2:8080 137.74.106.111:7080 138.97.60.141:7080 152.169.22.67:80 155.186.0.121:80 170.81.48.2:80 172.104.169.32:8080 174.113.69.136:80 177.73.0.98:443 177.74.228.34:80 178.250.54.208:8080 181.129.96.162:8080 181.30.61.163:443 184.66.18.83:80 185.178.10.77:80 185.183.16.47:80 185.215.227.107:443 185.94.252.12:80 185.94.252.27:443 186.103.141.250:443 186.70.127.199:8090 187.162.248.237:80 188.135.15.49:80 189.2.177.210:443 190.115.18.139:8080 190.147.137.153:443 190.163.31.26:80 190.190.148.27:8080 190.195.129.227:8090 190.2.31.172:80 190.24.243.186:80 190.6.193.152:8080 191.182.6.118:80 192.241.143.52:8080 192.241.146.84:8080 199.203.62.165:80 2.47.112.152:80 204.225.249.100:7080 209.236.123.42:8080 212.71.237.140:8080 213.197.182.158:8080 216.47.196.104:80 217.13.106.14:8080 217.199.160.224:7080 219.92.13.25:80 220.109.145.69:80 38.88.126.202:8080 45.16.226.117:443 45.161.242.102:80 45.33.77.42:8080 45.46.37.97:80 5.189.178.202:8080 5.196.35.138:7080 50.121.220.50:80 50.28.51.143:8080 51.159.23.217:443 51.255.165.160:8080 51.38.124.206:80 54.37.42.48:8080 61.197.92.216:80 61.92.159.208:8080 64.201.88.132:80 65.36.62.20:80 67.247.242.247:80 68.183.170.114:8080 68.183.190.199:8080 68.69.155.181:80 70.32.115.157:8080 70.32.84.74:8080 72.47.248.48:7080 73.213.208.163:80 74.136.144.133:80 74.58.215.226:80 77.106.157.34:8080 77.238.212.227:80 77.90.136.129:8080 78.249.119.122:80 80.11.164.185:80 82.196.15.205:8080 82.230.1.24:80 82.76.111.249:443 83.169.21.32:7080 87.106.46.107:8080 92.24.50.153:80 94.176.234.118:443 95.9.180.128:80 96.227.52.8:443 96.245.123.149:80 98.13.75.196:80 # Reference: https://github.com/MBThreatIntel/malspam/blob/master/Emotet_2020-10-14.txt newcarturkiye.com/wp-admin/Sbp/ hbmonte.com/wp-content/wer/ thewakestudio.com/wp-admin/3D/ formedbyme.com/wp-content/3e/ lilianwmina.com/wp-includes/Y/ partners.ripplealpha.com/data/ultimatemember/L/ unitedway.giving.agency/sys-cache/XnT/ # Reference: https://paste.cryptolaemus.com/emotet/2020/10/14/emotet-malware-IoCs_10-14-20.html 0931tangfc.com/images/eTrac/vmaYsYjxcGyLiXUd/ arquivopop.com.br/index_htm_files/D9GIZL0JPRV/2ak4jCRkru/ pulseti.com/arq/LLC/nf3Otsnzwl/ s165469.gridserver.com/2e4e/DOC/v4Ni8lfQic188UKvrV/ weblabor.com.br/avisos/lm/qjQdnNiipH2ePqaY8c/ admin.creciendoconelarcoiris.com/contato/Documentation/O3b3OxuKOsHx7hOCuF/ katthus.site/wp-admin/INC/Wg7iIDE77Q9HKsEdjYH6/ redpandazine.com/rjHumTUCZD/attachments/TJwYOgSjOxaFMXTgZk3/ registro.creciendoconelarcoiris.com/lab-supplier/paclm/cigsGO51PCwBR/ thetastrike.club/monitor/Reporting/2xxcosaiQm/ vesinhlinhanh.vn/zybo-z7/public/uXHtKU6YnwmtjAcz/ 1stcombs.suffolkscouts.org.uk/cgi-bin/browse/ 3000khoahoc.com/data/Scan/6ahj2xzdg1c/q3ky24bjkzcj2r3blfksen3/ account.scopemedia.com/revision/payment/ acropol-eg.com/www.acropol-eg.com/Overview/ ajwaalmosafer.com/sys-cache/lm/pipnq2lw33/ al3akarat.com/sys-cache/INC/qtymdpa/ amrsyd.com.au/cgi-bin/Documentation/x3lwxecjvkp/ amruthacollegeofeducation.com/css/payment/a1zi5536tf7n/eu4lfqyuym37gs/ arian21.com/alfacgiapi/eTrac/omeqgl2aq6hb/ assecon.com.br/novoassecon/INC/n5yi6u/ atelierpinkcity.com/wp-content/7hfl1ur9wt/ beletage-berlin.de/how-to/rgrjpl6yqvl1/vp9lg8lwow/ blizloaded.com/wp-admin/network/report/qfepmhl/ cafehomes.vn/wp-content/Documentation/lv46jsk/ caipa.net.cn/docs/ caipa.net.cn/TN/sites/1dvfcd42/dxkp91i027qbecny5eizt0jxz2ucoi/ constructoraalpes.com/owl/Overview/ cplt20live.com/wp-includes/Text/Diff/payment/ creciendoconelarcoiris.com/wp-content/uploads/dsufiymq/ cursoscaballeros.giving.agency/sys-cache/parts_service/mvvm4m3b1c8/ dagostim.com.br/fill/lm/jfb9ag79u/22lfpp5sekowuy8yme1/ ddazzlediamonds.com/advertisel/Documentation/ ecolushlanka.com/wp-admin/swift/c2clivwye63/ edduteayuda.com.co/sys-cache/sites/unw89lh/ f24.victor-studio.com.tw/wp-admin/public/mbvkcbg/ fabdraft.com/wp-admin/INC/5eoc0fadj1j1/ fleshupdate.com/wp-admin/F0xAutoConfig/public/ foodhanoi.net/wp-admin/swift/s70o7ewtgdxr9qar7cpi68oc/ gaialacticos.com/wp-content/payment/ gblcleanercanada.com/homemade-lash/01328/i21wld87/ hanedu.vn/wp-includes/px2fs1/ hhdcoop.com/online-surveys/Scan/3oq6bsiu/idbbhm437sqsckv4kjkl/ imasurvivor.co/sys-cache/mq6gqof5/ldhs0b1dt4u9a6uo2x3rc572x0xsn/ jietuo66.com/wordpress/Overview/q5yx2v/ joininfo.ca/articleprint/paclm/2muql8fi/ lachaloupe.net/wp-admin/OCT/ leads.afrus.app/sys-cache/Document/8ozykvzu/3nrvisj8b4bs/ leads.afrus.app/sys-cache/Document/8ozykvzu/3nrvisj8b4bs/\/ lp.app4you.app.br/wp-admin/02/2s0u94athcx7/90jqr1opf/ merkadito.mx/upload/OCT/ nengjiankang.com/wp-admin/payment/bq02xr1fpjor/t4m5sfqj3pcjqze0j69qw1d3imf5lg/ oel-magazin.de/wp-includes/paclm/ passoapasso.giving.agency/sys-cache/browse/6jgwwg7kmhw/8acjsx5sd7rdjp/ paymentsconsole.giving.agency/sys-cache/attachments/nj1kk6rrtrpdrh5o5faz9of854z/ pelavo.pl/wp-admin/attachments/ phamxuanquynh.com/wp-content/report/nuec7hz/ phaneedepool.com/wp-admin/invoice/ phonestore-telephonie.fr/wp-admin/public/sue67m/ portugal.scyla.com.br/redirect2/FILE/1pc1k1k89mlkp/ premier-h.com/simulate-logistic/OCT/ project-streams.eu/wp-admin/mqkjk8zv/ projects.bigprint.pictures/cgi-bin/public/pzx10o27/0fprs9c/ promembership.co/wp-content/swift/nnezyzsfeg/p8rtn3l7lhnfillp/ qpcpym.com/ErrorFiles/Reporting/60i5dt9zv/ rahimi-clinic.com/wp-admin/esp/dpa72hv4g7t/t0kr24hc/ randradeseguros.com.br/produtos/esp/vyh32iy3g2fa5jcmt9zkqqm/ rossinglish.com/inverter-repair/browse/gwc4o8/ s171184.gridserver.com/poll_success/Overview/ santoferragens.app4you.app.br/wp-admin/swift/ shenji.victor-studio.com.tw/wp-admin/attachments/91q66l6/ sherif-hammad.com/wp-includes/Scan/uwze9ca1t/ shop.scyla.com.br/wp-includes/esp/uqvl95sehq7p7w/ srno.hu/sys-cache/report/sv98lyo4q/4s5045m4kd/ sulematravel.es/wp-includes/paclm/ sunrisejanitorial.ca/assets/statement/ switch2cloud.net/wp-admin/balance/ teesvalleywashrooms.co.uk/ALFA_DATA/report/ thebeauticianofficial.com/sys-cache/paclm/ thedigitalsquad.net/sitemap/attachments/412tmhd4/ thehotelelevate.com/cgi-bin/Documentation/gtfh86im642/lj4zbliyn52t2/ thenewschef.com/wp-content/06fi03s6qe8oi3941c2yh119fzzpk7/ thientam.online/wp-admin/Scan/ tunimatec.com.tn/Document/esp/ upload.3000khoahoc.com/temp/balance/achxpcbh8w0p/j8vw36gerbcsmsy/ upload.thuviendata.com/2020-02/ptpgzydx057y/ vilong.us/sys-cache/balance/u5s3/ w-maassltd.co.uk/sys-cache/LLC/zenx05r/ ffval.hr/wp-content/statement/ womenup.cz/wp-includes/FILE/ xnk.jbzie.com/wp-admin/public/ 1stcombs.suffolkscouts.org.uk/cgi-bin/browse/ 45gradi.com/awstats-icon/OCT/5isfj61s/ b2bcom.com.br/site/Document/7h7vt4faff/qh1twu66o573mejk/ beletage-berlin.de/how-to/rgrjpl6yqvl1/vp9lg8lwow/ bigfesta.app4you.app.br/wp-admin/statement/ biggboss14show.net/wp-includes/paclm/ blizloaded.com/wp-admin/network/report/qfepmhl/ blog.iymazon.com/wp-content/334214278238924/2tu/ chinadarocha.app4you.app.br/wp-admin/Scan/ciqujxfc8e/ columbiasaude.com.br/sys-cache/INC/5r2ics0dgwv1n43zgmrpwbo/ cplt20live.com/wp-includes/Text/Diff/payment/ creciendoconelarcoiris.com/wp-content/uploads/dsufiymq/ ddazzlediamonds.com/advertisel/Documentation/ digitalscholarbd.com/zs/esp/7qar1o17w/ finally-con.com/sys-cache/attachments/mweke849y4y/zc6xt80o6awna5pi5a3ra5mtvi/ gaialacticos.com/wp-content/payment/ hanedu.vn/wp-includes/px2fs1/ hhdcoop.com/online-surveys/Scan/3oq6bsiu/idbbhm437sqsckv4kjkl/ homewatchamelia.com/wp-admin/docs/ hy-api.cn/ceo-retirement/payment/ imasurvivor.co/sys-cache/mq6gqof5/ldhs0b1dt4u9a6uo2x3rc572x0xsn/ informacion.creciendoconelarcoiris.com/wp-content/uploads/payment/qogke1c2uoe4/ j84.me/wp-admin/Reporting/ koreashop24.com/email/Documentation/mfzm49xudxjjikq8kml9c2ta84j6s2/ lachaloupe.net/wp-admin/OCT/ leads.afrus.app/sys-cache/Document/8ozykvzu/3nrvisj8b4bs/ librosporfavor.com/wp-content/swift/uid5bmt/547jbnw6kkyl6m2f/ liubaozi.cn/wordpress/sites/txbp5jf5wvfa08bt/ longshushu.com/invoice/nw2nk3jpj23/ margaash.us/sys-cache/DOC/0u9thggdtv/1zn69dp08z987/ modelo-delivery.app4you.app.br/wp-admin/yi8alm/ newdimension.co.th/wp-admin/statement/0yun1pqrev1cplh8bqi820fi/ oel-magazin.de/wp-includes/paclm/ passoapasso.giving.agency/sys-cache/browse/6jgwwg7kmhw/8acjsx5sd7rdjp/ paymentsconsole.giving.agency/sys-cache/attachments/nj1kk6rrtrpdrh5o5faz9of854z/ pelavo.pl/wp-admin/attachments/ phamxuanquynh.com/wp-content/report/nuec7hz/ promembership.co/wp-content/swift/nnezyzsfeg/p8rtn3l7lhnfillp/ rahimi-clinic.com/wp-admin/esp/dpa72hv4g7t/t0kr24hc/ repuscolombia.com/presupuestos/DOC/ resilientfutures.com/wp-content/k290eennf1/ santoferragens.app4you.app.br/wp-admin/swift/ selerakampung.com/wp-admin/Documentation/d8gqui/ skenglish.com/wp-admin/statement/ stevegates.co/free-low/attachments/ruokgkmy6v1uj3/ sulematravel.es/wp-includes/paclm/ tcamexpo.com/wp-content/parts_service/msql9lpdtsv3/ toy-house.pk/sys-cache/DOC/5s5eis2d/69fd5dr6k/ vilong.us/sys-cache/balance/u5s3/ vinhomesq9.vn/sys-cache/492874195037797/ w-maassltd.co.uk/sys-cache/LLC/zenx05r/ webturf263.com/wp-content/eTrac/1zdnklmh9tcx017cd/ lvl.com.br/wp-admin/INC/lr9pldlk3kv/ tianhengdaojituan.com/wp-includes/sites/ zhengtiankai.com/wp-content/public/gblpdj3y0y3a/y6iai/ zirrimarra.eus/wp-content/Documentation/svz0w6/ # Reference: https://twitter.com/Cryptolaemus1/status/1316730653044600833 financiamentointeligente.com/wp-content/Fj/ removepctrojan.com/wp-admin/6/ aahnaturals.net/wp-includes/TX/ sff3d.com/3d/xk/ engineering-2s.com/SS_Paypal/X/ lsmanga.com/migration/FaU/ beta.zoneberry.com/bysyswexecf/x3/ # Reference: https://twitter.com/Cryptolaemus1/status/1316751913774444546 # Reference: https://twitter.com/Cryptolaemus1/status/1316751914328096770 imenbartariran.com/wp-admin/CZ/ duberysunglass.com/img/A/ icilimoges.com/wp-includes/Ym/ trungtamgioithieuvieclamdongnai.com/submit_form/sFO/ events.medialogic.cloud/blazor-preventdefault/r8W/ inspira-psicologia.com/css/F/ sheriaspace.com/wp-admin/R/ # Reference: https://twitter.com/Cryptolaemus1/status/1316759252371988480 happyseedscharity.com/wp-includes/EgjM/ ecolands.info/wp-includes/LZ7O0h/ liguendembo.com/wp-includes/DeAM6hn/ xiaolechen.com/pollinodial/5lTy0/ mallowsvirtualcreatives.com/wp-content/2pw1/ rfcrfc.com/wp-admin/oZ/ bbs.rfcrfc.com/api/V/ # Reference: https://twitter.com/Cryptolaemus1/status/1316779526404427777 jrvservices.com.br/JRV_ANTIGO/d0cNATaKxy/ aqfsistemas.com.br/manufacturerl/hA/ paramythou.gr/wp-includes/jmoG/ foxfire.ph/wp-admin/YQW/ novaes.com.br/files/uZK/ excelenceimoveis.com.br/wp-includes/k/ equipamentosmix.com/10/aK99ApiT/ # Reference: https://twitter.com/bomccss/status/1316998263094996992 # Reference: https://twitter.com/Cryptolaemus1/status/1316992711904399360 # Reference: https://twitter.com/Cryptolaemus1/status/1316985594694766593 # Reference: https://app.any.run/tasks/dfefe288-fc49-4d40-b00a-f517363910bc/ divemed-tech.com/will-a/gjzE/ johndaurizio.com/wp-includes/Uhp4cB5mgN/ bazarkotulpur.com/wp-content/0tu/ geosrt.com/atrabiliary/yfH/ dmtland.com/wp-admin/4k/ zero-finance.com/wp-content/6sa/ myseedology.com/cgi-bin/7GzFsT/ foulgerteam.com/foulgerteam.com/i/ amicusdh.org/coaid/0g/ charlesze.com/content/z0lGKS/ tiktokvapes.com/wp-admin/xL/ blackstonetutors-onlineportal.com/wp-includes/fm/ bachhoanhale.com/wordpress/I/ invaluablearts.com/6sn1f/t/ mycollegecp.com/content/kRL/ tatilburdur.com/scutum/KV/ pgiso.com/wp-admin/mCQ/ # Reference: https://twitter.com/Cryptolaemus1/status/1317042881517977600 divemed-tech.com/will-a/gjzE/ johndaurizio.com/wp-includes/Uhp4cB5mgN/ bazarkotulpur.com/wp-content/0tu/ olimpiadasolidaria.com/wp-snapshots/BM7ftDR7a/ studyguidewithlakshmi.com/directory/v982c9VH5c/ pandebaik.com/_vti_bin/Y/ agroproindia.com/cgi-bin/95r09UGlIj/ # Reference: https://twitter.com/Cryptolaemus1/status/1317053813132546048 vuatritue.com/wp-admin/Ux/ shraddhacarrentalindore.com/wp-includes/M/ fortunelabels.com/test/SZ/ p4uclasses.com/wp-content/G/ tanger-soft.com/does-leaving/Kig/ pxid360.com/wp-admin/PN/ childselect.com/cgi-bin/y/ # Reference: https://twitter.com/Cryptolaemus1/status/1317061556958646272 dodungphongtam.com/content/GZ5Mk/ symbiosis-consulting.com/blogs/FVX8XRa/ getquicksafaris.com/wp-content/nJtvlV9ha/ sakhilalleather.com/wp-admin/t7GkPP4/ metodotrcd.com/wp/d/ borjboland.com/wp-admin/pH/ rangpurbarassociation.com/cgi-bin/2BdjrjymS/ # Reference: https://twitter.com/Cryptolaemus1/status/1317082747186434048 safeabortionrx.com/ext/XII/ brightcdr.com/wp-content/LNTELiq/ cavancart.com/staticmap/WR/ homeabortionpillsrx.com/ext/N6SKd/ portal.digitalcompass.com/Styles/deeB/ apidocs.dcdial.com/wp-includes/H/ 360www.ca/content/2/ # Reference: https://twitter.com/Cryptolaemus1/status/1317097518711377923 paganwitch.com/wp-admin/0pd/ creationskateboards.com/shred/H/ gtech.thngo58.com/wp-includes/9zo/ dlhagency.com/cgi-bin/8z/ drwalidabdelgaffar.com/dentalia/lL/ rtjandxly.online/wp-content/kir/ bnmintl.com/cgi-bin/Ibu/ # Reference: https://twitter.com/Cryptolaemus1/status/1317112136636731392 iei7.com/wp-admin/5ShKLn/ right2liferx.com/admin/AcgEH/ poppylon.com/wp-admin/E22zho/ personaltrainersindia.com/fonts/Q55X/ eldahwa.com/9th-grade/F2Kw/ meeak.com/wp-admin/lcJ/ prabhatcycles.com/prabhatcycles/U1i7/ housetutor.wasseela.com/x2ekf/tMR/ # Reference: https://twitter.com/Cryptolaemus1/status/1317176477734047745 thehouseofpeace.org/cgi-bin/NZdfyylt/ wayfinancial.ca/wp-content/3H9P2P9qn/ tola.ae/docs/t/ bms-guisborough.co.uk/wp-admin/nIdNw7fA/ ardos.com.br/simulador/hpWciv1B/ andrycarias.com/grupo-desafio.com/EZ2w/ solidrockwesleyan.ca/wp-includes/WeqhX7hE/ # Reference: https://twitter.com/Cryptolaemus1/status/1317227929072533504 storagelookup.com/wp-admin/5pmuuxWKoN/ flowerdeliverypasadena.com/wp-content/J8tPsVAF4/ concrecasa.cl/wp-admin/RUQ87/ atrocity.de/blogs/iRB9/ svi.bo/wp-content/5CX8zlve/ gosbooking.com/wp-admin/ej5/ dummyestudio.com/wp-content/bP/ # Reference: https://twitter.com/Cryptolaemus1/status/1317238025701724160 wiwildcare.org/wp-includes/Ri/ gyandarbar.com/EDU/wBubLrB/ giannaspsychicstudio.com/cgi-bin/AAHr/ berkeywaterfilterplus.com/wp-admin/A/ myanmarlegalservices.com/wp-admin/87M/ bestgunsafety.com/wp-admin/u23zKk2/ mantenanews.com/wp-content/G/ liciousbbl.com/wp-includes/5k8n/ # Reference: https://twitter.com/Cryptolaemus1/status/1317354642494410753 fumigacionesmac.com/wp-includes/je/ excellence4u.com/wp-snapshots/brAvtr/ balancingelephants.com/wp-content/kH/ tahirsylaj.com/error/UpDueJ/ bestoffershop.com/wp-admin/k/ wintekelevators.com/wp-content/xExD/ supplementhouse.net/wp-content/HXLS7K/ solddolls.com/cgi-bin/xwoLV/ # Reference: https://twitter.com/VirITeXplorer/status/1318095610537443328 tahirsylaj.com/error/UpDueJ/ bestoffershop.com/wp-admin/k/ wintekelevators.com/wp-content/xExD/ supplementhouse.net/wp-content/HXLS7K/ solddolls.com/cgi-bin/xwoLV/ fumigacionesmac.com/wp-includes/je/ excellence4u.com/wp-snapshots/brAvtr/ balancingelephants.com/wp-content/kH/ # Reference: https://twitter.com/Cryptolaemus1/status/1318118172285947904 geoportal.rivasciudad.es/wp-includes/MD/ baltische-rundschau.eu/wp-content/uploads/2pj7/ leboutique-store.com/wp/dOs/ bespokebysumitgrover.com/wp-includes/mwYw/ rajania.com/cummins-engine/nPd/ aabeds.com/jtdla2131/Y/ svi.bo/wp-content/NIEP3/ podzalog39.ru/podzalogOLD/n/ # Reference: https://app.any.run/tasks/de25cba4-817b-4931-b20d-95f180fe5c0c/ travelsportrepeat.com/wp-content/0/ wemusthaveit.com/freeze-columns/KQiSFq7/ tuhishair.com/blog/g3H/ entout.co.uk/wp-includes/wdh/ blog.artemisaritim.com/accuracy-of/z/ ad-avenue.net/-/MH6/ wintekelevators.com/avast-premium/S6/ # Reference: https://twitter.com/Cryptolaemus1/status/1318122399079014400 tonolledo.com/docs/R6/ jegsnet.com/wp-content/J/ melrosebeautycenter.com/windows-10/MM/ blog.gadzoom.net/wp-includes/g0/ gtech.thngo58.com/zwift-level/xnH/ hbrpatel.com/wp-content/amT/ indiastartup360.com/wp-admin/Cm/ # Reference: https://twitter.com/abel1ma/status/1318130996332564482 # Reference: https://app.any.run/tasks/12a094d8-1806-4349-a485-8e3ea950f0f6/ tudorinvest.com/wp-admin/rGtnUb5f/ dp-womenbasket.com/wp-admin/Li/ stylefix.co/guillotine-cross/CTRNOQ/ # Reference: https://twitter.com/VirITeXplorer/status/1318138248783450115 ardos.com.br/simulador/bPNx/ drtheurelplasticsurgery.com/generalo/rhrhflv92/ bodyinnovation.co.za/wp-content/2ssHvi/ nomadco.es/wp-admin/MvwVHCG/ # Reference: https://twitter.com/Cryptolaemus1/status/1318189858989420545 stech.com.np/wp-admin/U/ worlddatapro.com/flama-condensed/2fPei5/ bluedemonlodge.com/wp-content/yBvR7Tw/ laindianrestaurants.com/wp-includes/B3pPZIas/ daogou.icu/wp-admin/kyJ4pA/ wisdomapologetics.com/neje-master/KM/ fotomax.fr/cgi-bin/dm/ # Reference: https://twitter.com/Cryptolaemus1/status/1318230428868874243 guarany.net/zefiro/K/ yanlipin.net/wp-admin/Q/ aanshtravels.com/_notes/JLM/ tcamexpo.com/wp-content/c/ easihacks.com/wp-includes/d/ cosyshe.com/wp-includes/A41/ goodpriceshoes.com/wp-includes/0Ko/ # Reference: https://twitter.com/Cryptolaemus1/status/1318269256295981056 onepalate.biz/wp/YuUcpzM/ webdachieu.com/wp-admin/J/ smallbatchliving.com/wp-admin/uccE/ richellemarie.com/wp-admin/xlTWW/ richelleshadoan.com/wp-admin/Ucrkcvp/ holonchile.cl/purelove/Y4/ a2zarchitect.com/wp-admin/LAs0P/ raumfuerneues.eu/error/AuTiH/ # Reference: https://twitter.com/Cryptolaemus1/status/1318286786494402562 yixuecourse.com/wp-includes/wE/ estylohouse.com/pms/application/language/e/ 77wins.club/wp-content/4y/ layagroup.net/wp-admin/5h/ zionimmigration.com/scss/bHd/ vivoslotpulsa.com/wp-content/1/ wizzdomhub.com/wp-content/IZ/ # Reference: https://twitter.com/Cryptolaemus1/status/1318425528760750082 vidadohomem.com/wp-content/Eu/ virtual-event-service.com/assets/tW/ mallowsvirtualcreatives.com/llfdsofdsfss/51C/ rovonize.com/email.rovonize.com.rovonize.com/M/ mahfuzur32785.com/identify-the/IM/ africafoodworld.com/wp-admin/WD/ bloglamtinh.com/wp-admin/N/ # Reference: https://twitter.com/Cryptolaemus1/status/1318468646134571009 wodsuit.com/ram-aisin/7r9/ hoobiq.com/cgi-bin/Xyv/ bomfuturoadesivos.com/gallery_03f59a1cc20096539c7aec1b61d7471a/3e/ vat201.com/calculator/itQ/ vikinggg.com/hydrolysis-of/bY/ mohamedsayed.com/wp-admin/Zt/ hostimpel.com/js/q/ # Reference: https://twitter.com/Cryptolaemus1/status/1318469815082881025 rossie.in/wp/6L0U/ envirohubconsulting.co.za/cgi-bin/vI5/ grandages.org.my/office/y6Uz/ dailypharmajobs.com/cgi-bin/CyCdO/ comercialadvance.com/images/MFXxM5Tg/ royalnight.in/wp/lEA2gXXBj/ gymmuscle.tk/wp-content/U8j1Bkh/ # Reference: https://twitter.com/Cryptolaemus1/status/1318644038057287680 salesforcesupports.com/wp-admin/UK4/ sakcampharma.com/wordpress/L8E/ laosonline88.com/old-web-bk/M8B/ quicktowtowing.com/indexing/N2/ tecnolora.com/grup-bo/NWd/ geoffoglemusic.com/wp-admin/Mym/ 58yuesao.top/wp-admin/HG/ # Reference: https://twitter.com/Cryptolaemus1/status/1318657897623134209 nursefreedomsystem.com/cgi-bin/eYae/ masterbookpub.com/cgi-bin/H/ 247tvad.com/wp-includes/CLwQ/ wearenursesvip.com/wp-includes/ZbcC/ demo.acousticify.net/intune-company/UAONxeh/ hello.congduhoc.com/logstash-mutate/d/ musicrepublicmagazine.com/wp-content/HbW/ littleforbig.com/menuso/5IW5/ # Reference: https://twitter.com/Cryptolaemus1/status/1318666564141502464 keishixx.com/apc/ew5/ zylko.com/wp-admin/SD/ kyleesbirthdaybash.com/wp-includes/Sco/ kbpatinhaus.com/wp-includes/5r/ almaart.ir/wp-ontent/7pp/ premiumnitrilegloves.com/wp-content/7/ mommafi.com/wp-includes/S/ # Reference: https://twitter.com/Cryptolaemus1/status/1318816075820224514 safarsetutours.com/safarsetutours/do75yh/ iimedu.uk/wp-includes/m8YXYxu/ weeklymasterclass.com/wp-includes/ZqsGa/ onetrepreneur.co.uk/test/gQX87a/ commonsenserevisitedbook.com/wp-includes/6BAdVn6/ taabgroup.com/divi-woocommerce/7BHbH/ pruebadario.ecomerciar.com/wp-admin/jSEbK2o/ rebuneae.com/wp-content/EivSc/ allindiacrimepress.com/blogs/media/AO9/ housetutor.wasseela.com/x2ekf/sWv/ avoyrakib.com/wp-admin/28/ kianyadak.com/ik/M/ souryumon-alive.net/VL/ mail.cozyreview.com/Ko8/ econews.treegle.org/how-to/v/ atrezzos.beneficiosparaempleados.com/wp-admin/kzqh1zM/ vinarorganics.com/css/L0vMERYKQD/ adidasyeezy.store/welph/ccrcbr1xFU/ zunan.com.tw/wp-admin/lQ59Q/ vstsample.com/wp-includes/YV/ tuneclick.co.uk/img/eBV/ library.strophicmusic.com/test/VNTHdB7678/ # Reference: https://twitter.com/Cryptolaemus1/status/1318865011683610626 plakatjogja.com/wp-content/X/ vnadevelopers.com/wp-admin/BF/ nursesweekparty.com/wp-includes/bQR/ hodmunha.info/wp-includes/Ce/ novaworlds-muine.com/khudothiaquacity.com/a/ weapontoys.com/wp-content/Ok/ bold-c.com/wp-admin/Ac/ # Reference: https://twitter.com/Cryptolaemus1/status/1318916731914670084 michaelandrewsbakery.com/wp-admin/M/ forsalebyowner247.com/wp-includes/8m/ webgisjambi.com/wp-content/uploads/V5a/ tigerstormtraffic.com/wp-includes/h23/ optimisticdeals.com/wp-content/S/ twogirlscleaning.com/openbayl/KaI/ online2u.biz/ogretmenevi/4Yj/ # Reference: https://twitter.com/Cryptolaemus1/status/1318920275732418566 aspensnowmasswebcam.com/wp-admin/SC6c2o/ ticket1st.com/wp-includes/98Zkfi/ eyebrowandme.com/cgi-bin/3NN/ newsfocus123.com/96kaifa/cc1/ dev.muzigal.com/cron/Mdn/ dehateet.com/wp-admin/Gqg0Ma/ keithdougherty.com/wp-includes/Yen85/ nurseprizes.com/wp-includes/hS/ # Reference: https://twitter.com/Cryptolaemus1/status/1318943116016091136 ecommarket.xyz/uptown/LSm7vXy0v/ pearlcomputers.com.pk/bitcoin-apk/37qD0b/ treeremovalnerds.com/wp-content/7n5ut/ isupportthecause.org/wp-includes/sbCBUzN/ englishmatters.hk/wp-admin/hDcXxqmeD8/ innoovation.com/blogs/sOKc4/ habiganjjournal.com/wp-content/TUQB/ # Reference: https://twitter.com/Cryptolaemus1/status/1318995699904688139 kpfniaga.com/backup/Qv/ ethanstech.com/wp-includes/Z/ fsl.com.mx/wp-admin/2T7Ws/ thecitizensforum.org/cgi-bin/kU/ murari.es/wp-content/h/ xcharliesdevils.com/wp-includes/ysv/ hrinternationalbd.com/selectar/h/ caballerosdesanfernando.es/wp-includes/re8nKUj/ # Reference: https://twitter.com/Cryptolaemus1/status/1318995430852694017 farzadkiasat.com/wp-admin/Eb/ hunmao.net/wp-includes/C/ tallyandfin.com/cgi-bin/P/ gosvish.com/wp-admin/B/ searchhomeusa.com/wp-content/o/ h5yx.vishou.net/css/i/ oleegoli.com/indexing/xS/ # Reference: https://twitter.com/Cryptolaemus1/status/1319019223016943620 sangamapparel.com/wp-content_old/whE/ techarpit.xyz/wp-content/GM/ sarfco.com/wp-content/6YE/ best-browser.top/wp-includes/lL/ alternatul.com/wp-includes/4rS/ rapicampi.com/wp-content/ib/ initiativepropertiesltd.com/home/S7s/ # Reference: https://twitter.com/Cryptolaemus1/status/1319048991175331847 scolarite-fssm.uca.ma/wp-content/uploads/Wmo0C/ autofit.pt/wp-content/jjVLAR/ jinyangsheetmetal.co.kr/wp-content/Kx7IN1cEY/ mindgeniltd.co.uk/indexing/X5bSo/ sinanashkan.com/wp-admin/DkHxvf8KX/ navneetfamilycoach.com/wp-content/IRX/ usasnet.com/wp-includes/6k/ admvero.com.br/eleicao/EJcX/ coolfit.in/wp-content/ivi/ equipamentosmix.com/10/Bjky/ murari.es/wp-content/h/ hrinternationalbd.com/selectar/h/ thestudio-ct.co.uk/events/P3/ kailaasa.ca/wp-admin/zeJssVj/ khudanculongdien.vn/wp-admin/HB/ admvero.com.br/eleicao/EJcX/ coolfit.in/wp-content/ivi/ equipamentosmix.com/10/Bjky/ # Reference: https://twitter.com/Cryptolaemus1/status/1319223065696415745 paasologrp.com/parseopmlo/5/ launch.tactikafacewear.com/wp-content/Uk/ singohotel.com/dashboardl/q/ mymathlabhomework.com/wp-content/o/ dietherbsindia.com/assets/k8oo/ dev-tech.eu/demoshop/P0/ mithraa.co/nMT/ chess-pgn.com/win-raid/l6T5/ # Reference: https://twitter.com/Cryptolaemus1/status/1319180621395132416 swiftlogisticseg.com/wp-admin/jiX/ paikapua.com/a0brac3/Y/ gordon-and-son.com/wp-includes/n/ emmanuelmonastery.org/wp-admin/d/ afriwaste.app/wordpress/N7L/ da-industrial.com/js/A4/ onepalate.biz/wp-content_bak/Bc/ # Reference: https://twitter.com/Cryptolaemus1/status/1319253975863070727 sorbonne-capital.com/wp-admin/G/ zagoradesertcamp.com/templates/u/ chavezrob.com/wp-includes/zkd/ buybacksoft.com/old/5s/ thetechieforu.com/wp-includes/2/ movie-2free.com/cgi-bin/d/ yogeejee.com/wp-includes/b/ # Reference: https://twitter.com/Cryptolaemus1/status/1319262232170139650 paasologrp.com/parseopmlo/5/ launch.tactikafacewear.com/wp-content/Uk/ singohotel.com/dashboardl/q/ mymathlabhomework.com/wp-content/o/ dietherbsindia.com/assets/k8oo/ dev-tech.eu/demoshop/P0/ mithraa.co/nMT/ chess-pgn.com/win-raid/l6T5/ # Reference: https://twitter.com/Cryptolaemus1/status/1319309808814706693 akdparivar.com/css/J/ yudaobath.com/wp-includes/vbayxJ/ # Reference: https://twitter.com/Cryptolaemus1/status/1319320563257573376 jumpingphones.com/wp-admin/W/ gksystemsnamakkal.xyz/wp-content/SsH/ baichoi.tranbaocuong.top/application/h5c/ movie-2free.com/cgi-bin/2wv/ mugiya-pan.com/wp/czH/ topperit.com/demo1/tt/ myfarasan.com/wp-admin/o/ # Reference: https://twitter.com/Cryptolaemus1/status/1319334755096272897 acheterdrogues.com/wp-admin/m/ hcareconcepts.com/cgi-bin/1Pwwxf/ jiafunongye.com/application/NJ3Ta/ amarteargentina.com.ar/wp-admin/GOAvrV/ allcannabismeds.com/unraid-map/xcGN/ caacholidays.com.hk/wp-content/jaayDboQ/ selerakampung.com/wp-admin/AGF5qXG/ # Reference: https://twitter.com/Cryptolaemus1/status/1319377511332139009 primaage.com/wp-admin/is/ uvibrands.com/QIG/ morrobaydrugandgift.com/wp-contentbak/T9M/ autodidactai.com/wp-content/5SF/ cs.vitalero.com/wp-includes/Vf/ arcadia-consult.com/wp-admin/6O/ acheterpermis-deconduire.com/wp-admin/network/vv/ # Reference: https://twitter.com/K_N1kolenko/status/1308335594729332737 jobcapper.com/8.7.19/hrS/ scoomie.com/wp-content/uploads/mxjsB/ blog.workshots.net/bibqcr9/Eki/ hxoptical.net/wp-admin/91C/ adidasnmdfootlocker.com/nc_assets/F/ socylmediapc.es/tools/D7Ogq/ lombardzista.pl/wp-content/r/ # Reference: https://twitter.com/K_N1kolenko/status/1306577455499673602 scrappy.upsproutmedia.com/wp-admin/J/ china-specialist.com/wp-content/YrLG/ upsproutmedia.com/wp-admin/M/ pagearrow.com/wordpress/B/ a.xuezha.cn/lajop/OYdUzf/ blog.saadata.com/cgi-bin/vwz/ zeeamfashion.com/content/rqoL/ # Reference: https://twitter.com/K_N1kolenko/status/1306534090812919808 77yxx.com/b5rh/bZxS/ shahramookht.com/t1k12k7t/8jq/ aciitaly.com/adminer-master/gkI/ codelta.es/images/9S35FR/ burstoutloud.com/PPL/Hf/ targetin.com/Silder-1/naK/ dbestfishing.com.sg/67s/wfe/ # Reference: https://twitter.com/K_N1kolenko/status/1301052109379469313 nnpstv.com/newsletter/hDT/ oneinsix.com/plesk-stat/S76/ villatera.com/cgi-bin/CHy/ party-pix.org/cgi-bin/GVp/ sabineschulte.net/cgi-bin/x/ pautz.org/cgi-bin/uB6/ nobius.org/hutchins/w/ # Reference: https://twitter.com/K_N1kolenko/status/1301043012554895361 ptwmusic.com/thumbs/TN/ refinanz.org/bachelorme_de/I/ prprofile.com/wp-admin/B2/ radiomuziekland.com/contact/f/ rbji.com/rbjfiles/5/ relicatessen.com/index_htm_files/9/ phoenix-internet.com/incontext/QJN/ # Reference: https://twitter.com/K_N1kolenko/status/1291617606567428096 tourgunungkidul.com/js/63/ veranista.com/stats/s/ walescounseling.com/wp-includes/BsDZ7QS/ thecreativecafe.co.uk/gallery/Y/ usadatos.com/chai/ikb/ tanitlak.hu/wp-admin/AkMHk/ wolstenholme.ca/teashop/0B6GAKL/ jerem.com/themes/nu2/ mikebonales.com/blog/In5/ grandsignatureyercaud.com/css/Gp/ hstlive.com/blabs/N/ itcsis.com/docuitc/G/ immortalmodeling.com/dev/blog/SF/ jejach.net/widgets/1E/ rifatenterprise.com/dist/go/0Ay/ priyamcollection.com/vinix/3e/ red-master.com/antiguo/WA/ portalsgn.com.br/corpore/xl/ rentaflight.be/PEAR2_maybe_not_used/H9l5C9Q/ pisi1.unixstorm.org/cgi-bin/LVZW/ purrr.nl/wp-content/Y/ moasocialcoop.com/wp-includes/fd/ monahon.com/classyclutches/W/ mediosmilenium.com/mapa/eWv/ monicaestrazulas.com/2018/Z/ mktink.com/logs/Q8/ murias.com/documents/Fu/ n-brake.com/aspnet_client/G8/ wuvyish.com/wp-content/D9/ energjia.com/oxl/k/ hajveryimpex.com/content/0hW/ aeeec.com/about-us/qE/ blog.8888168.xyz/wp-content/P/ instruments.azurewebsites.net/content/vWy/ larisinaja.com/wp-includes/y/ walcial.com/sys-cache/Fh8vQ/ riovibe.com.br/2009/A/ skytechresources.com.br/erros/JyG5bsH/ cosentinoconsult.com.br/v_s_k3/WZN8FbD/ swapnadevelopers.com/temp/U/ opiscineiro.com.br/wp-snapshots/za4yVt/ studio63productions.com/fonts/Dm7Y/ microcomm-group.com/aspnet_client/open-resource/749h0_a_bgapak3l/ missetiquette.com/img/57ry_v_f04/ rouxweb.com/sea/IOm310/ sallyabbeyarts.com/SALLY_ART_2014/UqN4k/ tedde.nl/photosentinel/r_mcjd_p0vrxje/ webstack.com.au/wp-includes/U890802/ # Reference: https://paste.cryptolaemus.com/emotet/2020/10/14/emotet-malware-IoCs_10-14-20.html 175.103.38.146:80 149.202.72.142:7080 51.15.7.145:80 177.129.17.170:443 76.175.162.101:80 188.157.101.114:80 108.46.29.236:80 123.176.25.234:80 51.75.33.127:80 78.186.65.230:80 96.245.227.43:80 46.43.2.95:8080 80.241.255.202:8080 142.112.10.95:20 93.186.197.189:7080 121.7.31.214:80 109.13.179.195:80 153.229.219.1:443 51.15.7.189:80 5.196.108.189:8080 202.29.239.162:443 5.89.33.136:80 203.56.191.129:8080 139.162.60.124:8080 74.135.120.91:80 174.106.122.139:80 113.203.238.130:80 75.143.247.51:80 96.249.236.156:443 85.25.106.204:8080 1.226.84.243:8080 183.77.227.38:80 192.232.229.54:7080 24.232.228.233:80 188.166.220.180:7080 162.144.145.58:8080 213.165.178.214:80 78.188.106.53:443 104.131.123.136:443 46.101.58.37:8080 47.36.140.164:80 202.29.237.113:8080 69.206.132.149:80 174.118.202.24:443 190.96.15.50:443 130.0.132.242:80 200.127.14.97:80 190.188.245.242:80 24.231.51.190:80 190.164.135.81:80 172.104.97.173:8080 185.80.172.199:80 24.43.32.186:80 177.23.7.151:80 216.139.123.119:80 190.190.219.184:80 2.58.16.86:8080 45.239.204.100:80 68.252.26.78:80 71.15.245.148:8080 94.212.52.40:80 218.147.193.146:80 178.211.45.66:8080 192.175.111.217:7080 85.214.26.7:8080 49.50.209.131:80 120.150.218.241:443 60.93.23.51:80 192.175.111.214:8080 72.143.73.234:443 46.105.114.137:8080 121.117.147.153:443 191.191.23.135:80 177.144.130.105:8080 110.142.236.207:80 192.81.38.31:80 35.143.99.174:80 118.33.121.37:80 190.240.194.77:443 125.200.20.233:80 71.72.196.159:80 194.4.58.192:7080 73.55.128.120:80 47.154.85.229:80 138.97.60.140:8080 190.191.171.72:80 103.93.220.182:80 115.79.59.157:80 186.74.215.34:80 169.50.76.149:8080 180.148.4.130:8080 118.243.83.70:80 70.169.17.134:80 42.200.96.63:80 190.192.39.136:80 91.146.156.228:80 118.83.154.64:443 128.92.203.42:80 190.108.228.27:443 139.59.61.215:443 37.187.161.206:8080 116.91.240.96:80 95.85.33.23:8080 202.134.4.210:7080 198.20.228.9:8080 190.117.101.56:80 # Reference: https://twitter.com/malware_traffic/status/1309698130468896768 # Reference: https://app.any.run/tasks/018be08a-518e-449f-b7cc-3bc8b5cd8031/ 12.163.208.58:80 87.106.253.248:8080 # Reference: https://app.any.run/tasks/210af0dd-4489-4ba6-88f8-5968ac9f1442/ 162.241.41.111:7080 http://49.243.9.11 # Reference: https://www.virustotal.com/gui/file/0b741a6961b690e07f80388faf43fc3af9bd74b99e8f223e00fa0a996c23305e/detection # Reference: https://www.virustotal.com/gui/file/03caf29484a047db9c68e15e6117f665c59b1cc6ea7cdacba9042f80149861b9/detection http://51.38.124.206 91.105.94.200:80 binarywebtechsolutions.com vstbar.com # Reference: https://twitter.com/illegalFawn/status/1310959162822725638 jigsaw.watch # Reference: https://www.virustotal.com/gui/domain/xnxxfullhd.com/relations xnxxfullhd.com # Reference: https://app.any.run/tasks/7bf64b3b-3039-4610-8500-d9ca772797ec/ http://116.91.240.96 # Reference: https://www.virustotal.com/gui/file/9bb84f9fca28c4f9ac90dda5932d089a835344e112aca645497ee884b56e7644/detection tagkarma.com simplatecplc.com sertecii.com vvk888.ru easyneti.com # Reference: https://www.virustotal.com/gui/file/869f09c1b430433a385b4ec13a90eef4cfe0cba092a46fe71107de2f865bdf0e/detection # Reference: https://www.virustotal.com/gui/file/07546b78e05a399af4c7b6080391583fc4709c2b8e45f2b82ee98ae5a2807dba/detection http://185.94.252.3 185.94.252.3:443 # Reference: https://app.any.run/tasks/a7d83cd5-65f8-45a4-a743-4e743697af4f/ http://42.200.96.63 # Reference: https://app.any.run/tasks/a32c3139-6e65-4009-adf6-9bc8be58f007/ http://177.23.7.151 # Reference: https://app.any.run/tasks/6ae91afa-8e93-4768-bf0e-9719c2f29ba3/ 162.241.140.129:8080 http://69.206.132.149 # Reference: https://pastebin.com/t8DJ96VL 103.3.63.137:8080 184.180.181.202:80 # Reference: https://app.any.run/tasks/e75d2911-c9c6-4c7e-a6a7-d95e2ddf0c0a/ http://208.180.207.205 # Reference: https://app.any.run/tasks/6bc0ba41-3619-40fc-88c1-dc8ef38ee1f8/ http://2.45.176.233 # Reference: https://app.any.run/tasks/130012c7-b13a-49f8-addd-552744b68c8c/ http://221.147.142.214 # Reference: https://app.any.run/tasks/e6d9c6dc-dd3e-478d-958d-f3762df82a7d/ dodungphongtam.com # Reference: https://twitter.com/Marco_Ramilli/status/1318135068049670144 167.114.153.111:8080 # Reference: https://twitter.com/malware_traffic/status/1318710455678926848 91.121.87.90:8080 # Reference: https://www.proofpoint.com/us/blog/threat-insight/geofenced-amazon-japan-credential-phishing-volumes-rival-emotet # Reference: https://otx.alienvault.com/pulse/5f8dd264c6e41e9e60cf67c7 http://182.16.26.194 http://23.133.5.144 http://43.249.30.212 00pozrjbpm.xyz enjinchang.cn jiyingkou.cn # Reference: https://twitter.com/VirITeXplorer/status/1320634658833473536 punto-0.org/wp-content/peqlZz/ mahesaku.com/wp-content/AEnN/ 1024db.com/wp-admin/Vf/ roofwellness.com/wp-admin/S0/ nurmarkaz.org/wp-content/LL/ wp83.talentsprint.com/wp-content/d0NpZ7/ campflamingo.org/wp-content/QCTr/ fasthomesolutions.flywheelsites.com/wp-content/9bWnm4P/ # Reference: https://twitter.com/VirITeXplorer/status/1320645299250122752 inbichngoc.com/wp-admin/S/ ulkucusarkilar.com/networko/wN/ rise-creative.com/cgi-bin/K/ celestinastore.com/old/rB/ ferreteriassolano.com/wp-content/x/ aryacreations.com/wp-includes11/tf/ sinapsisenergia.com/customerl/tE/ madrushdigital.com/wp-admin/OJ5Uu5J/ heankan.bio/js/T8oCHm/ jupitermarinesales.com/wp-content/cache/xLWIP/ lovetraveltoday.com/localisationl/0zwJxNkMRK/ unikaryapools.com/wp/JWUG4n/ akdgroup.co.in/jio/8vSciyhM/ ufak2.com/demo/2hhpCYzwTL/ # Reference: https://twitter.com/Cryptolaemus1/status/1320716324453179394 needhelp.gr/wp-includes/Qlpz/ computerjungle.it/wp-content/N/ polaroidamsterdam.nl/wp-admin/IlDz/ vitrinapyme.com/wp-admin/ws9w/ bopetsupplies.com/tui/b2uMLAj/ maturisampietro.ch/wp-admin/VR/ lixko.com/wp-includes/zrEfpj/ si-batangaspremier.org/wp-admin/Q/ # Reference: https://twitter.com/Cryptolaemus1/status/1320751795015221250 ivytheme.com/wp-admin/LyR/ secuado.com/wp-content/plugins/apikey/6/ passionpastry.com/wp-admin/n/ caglayann.com/wp-admin/Xt1/ crechereviver.org/siteunavailable/3/ logistician.org/wp-admin/aGQ/ m-tash.com/wp-includes/9/ # Reference: https://twitter.com/Cryptolaemus1/status/1320754787554627584 alexdepase.coach/wp-admin/Ic4ZVsh/ amiral.ga/wp-content/cUFTze5/ iebf.org.uk/wp-admin/QF/ onlineapps.com.au/wp-includes/ZROO26A9/ gazeindia.com/wp-content/kOCbnAdSdG/ alarmpistool.com/wp-admin/3dk0z92i4/ factum24.pro/cgi-bin/dYNq4D/ # Reference: https://twitter.com/Cryptolaemus1/status/1320784947842568193 360digest.beyondb-school.com/wp-content/07A/ nhatcuong.xyz/wp-content/Szx94QD/ braceyourself.us/wp-admin/J/ carl99a.com/cgi-bin/P1IwSg/ seitaiken.net/wp-admin/Qz9B/ arpe-samois.fr/wp-content/eQCw/ fitthemes.com/wordpress-5.3.2/O/ nakanoyoi5.com/wp-admin/GfPlB/ # Reference: https://twitter.com/Cryptolaemus1/status/1320801741408030720 campflamingo.org/wp-content/QCTr/ fasthomesolutions.flywheelsites.com/wp-content/9bWnm4P/ # Reference: https://twitter.com/Cryptolaemus1/status/1320821381106442241 preilurd.com/wp-admin/N/ twistan.com/wp-content/pxj/ beliloba.com/cgi-bin/1t/ jabalmubarak.com/wp-includes/mq/ xxxporn.futbol/wp-includes/vC/ vietnamdigitalmarketing.org/wp-includes/qd/ haule.net/wp-content/JAJ/ # Reference: https://www.virustotal.com/gui/file/143248cab06613908c20d4532e2ea212fa672788ea83cf4cac123499fe56f576/detection 172.86.186.21:8080 177.107.79.214:8080 59.148.253.194:8080 # Reference: https://twitter.com/Cryptolaemus1/status/1320972542270734337 homewatchamelia.com/wp-admin/MQxjrRU/ pottershousedurban.co.za/cgi-bin/109J/ toorak.ie/wp-includes/aT/ theginlibrary.de/wp-includes/ma/ coeurclaudelien.fbcars.net/cgi-bin/tJt0Sqg/ mamac.top/wp-admin/GWQACP/ jwskincare.vn/setupconfigo/pF6g/ 9s2s.com/wp-admin/XKowb/ # Reference: https://twitter.com/Cryptolaemus1/status/1321046903619047424 yourprivatelife.com/wp-admin/sq/ firsattrade.com/wp-content/pI/ ashiq.xyz/wp-content/qX/ aryabhattahighschool.com/wp-includes/C1x/ angelsandfriends.com/wp-includes/d31/ dmccainlaw.com/wp-content/3/ tvcableinternetdeal.com/wp-content/cu/ # Reference: https://twitter.com/Cryptolaemus1/status/1321045770880065536 royalempresshair.com/wp-content/upgrade/Ete/ kbppp.ilmci.com/wp-includes/z/ tiplabor.com/images/Du1/ 0377hhd.com/cgi-bin/q/ sorbonne-capital.com/wp-admin/Jip/ dijitalklinik.com/wp-admin/LYq/ qualitymathtutors.com/wp-content/GfE/ # Reference: https://twitter.com/Cryptolaemus1/status/1320974739733700608 mevaconyeu.vn/forgottenl/lBjZjuaWO/ babyg-vietnam.vn/wp-content/cuBO2E7bE/ wikibricolage.com/wp-admin/R/ innhanmachcm.com/wp-admin/IB32/ apyarlovers.com/wp-admin/eAiaD/ pilanjau-berau.desa.id/wp-admin/t/ madivarealty.com/wp-includes/XulnC6a/ # Reference: https://twitter.com/Cryptolaemus1/status/1321054328916975618 noorpurefood.com/wp-content/eyH9I/ amorepooh.com/wp-content/themes/twentyseventeen/G3RZxc/ hatele.net/wp-admin/N/ promaxgh.com/wp-content/uploads/f/ pikama.us/wp-includes/BBW/ shaishavchildrights.org/wp-content/L4bRiZo/ maradrugstore.com/old/n/ lilianaoliveira.com/office-365/m1MRNr/ # Reference: https://twitter.com/Cryptolaemus1/status/1321216463697596416 josejuanarroyo.com/antithetical-bulblet/l/ movie-2free.com/cgi-bin/s/ buckzy.net/wp-admin/zF/ suksiriestate.com/cgi-bin/xjz/ gk725.com/breadbox/mlu/ datawyse.net/Ccl/5W/ ppzo.top/wp-admin/o1/ # Reference: https://twitter.com/Cryptolaemus1/status/1321122347865280513 904y.com/how-to/A6/ acredales.com/thank_you/U0u9Z/ adinterix.com/laybuy-investors/9Ab6/ angiathinh.com/autotoxication/Iue/ bahamianrelief.org/VpHo/ey/ biharbhumibazar.com/wp-admin/D/ bridgestoworkapp.com/wp-content/c1/ car4libya.com/cgi-bin/sDBhPqx/ cidoresearch.com/wp-content/Cb5afhZDr6/ ciucurencutl.ro/wp-admin/WhcybcaN/ daeg.su/wp-content/iYH/ dartzeel.com/wp-content/yf/ datablockssolutions.com/rgit/kd6/ dieteticienne-tiffany.com/wp-includes/rGJaLg5/ dotasarim.com/wp-admin/Dyz/ edirnereklamajansi.com/wp-includes/dN/ fit.develab.mx/wp-admin/sjai4FA/ florumgroups.net/mysite/C0NYBd/ gibraltarsalesgroup.com/public/qdI/ jiehost.com/wp-admin/6ZFh6A/ meshzs.com/wp-includes/E/ mobis-autoloan.com/wp-content/YvqoBse/ mueindustries.com/wp-admin/D/ odmova.pl/retranslate/OqLdry/ ostranderandassociates.com/var/thpY/ pacificfe.com/shadow-health/nQ/ personalizedjigsaws.com/replace_img/qG6D9T/ queensport.nl/accp/dz/ ruiermi.com/wp-admin/jmb/ scw8.net/wp-content/1MkWc/ servitekifix.com/wp-admin/C/ socialplaymedia.com/wp-content/Czj/ stabri-thailand.org/cgi-bin/1GKI/ terasrumahkayu.com/wp-admin/dHeLE/ thietkequangcaothanhhoa.com/phosphoryl/UJwwiQu/ uxnew.com/old/9/ weeklyoutfits.com/how-much/zw2z/ yoga.gift/content/nc/ # Reference: https://twitter.com/malware_traffic/status/1321182175916679168 91.121.200.35:8080 # Reference: https://twitter.com/Cryptolaemus1/status/1321406330595401728 nanettecook.org/wp-admin/x/ scalarmonitoring.com/wp-admin/js/widgets/S0A/ fourseasonsjsc.com/wp-admin/hzu9vvt/ ningyangseo.com/wp-admin/am/ rapidcarwash.net/wp-content/nO6U/ coolchacult.com/wp-includes/i/ anpbodysculpting.com/wp-content/themes/twentytwenty/c/ lamajesteindustries.com/wp-content/DRTujMR/ # Reference: https://twitter.com/Cryptolaemus1/status/1321413462229196807 panoramafe.com/slabbing/bBkdFoF96m/ enolil-loo.com/agillawood/CZafm/ 394509.com/biogenesis/ab/ oluwatomiwa.com/mail.oluwatomiwa.com/T/ mansa.com.vn/myographist/zRf6yPRec/ asianprosource.com/verb/rdB6m/ khangnguyen.store/wp-includes/theme-compat/eSIyT/ # Reference: https://twitter.com/Cryptolaemus1/status/1321427295320629248 anizonehealthcare.com/wp-includes/I/ mthealthcare.net/wp-admin/h/ mynesnetwork.com/cgi-bin/Iw/ asahalpha.com/wp-snapshots/tmp/7/ greenlandlion.com/wp-content/zny/ vidamelhor.online/wp-includes/uy/ sobresaude.space/wp-includes/J/ # Reference: https://www.virustotal.com/gui/file/b281c158288b59d60949f1d15c53d7f47e507b2db6e015043d464daaf10f952f/detection http://88.153.35.32 # Reference: https://twitter.com/Cryptolaemus1/status/1321453607758254080 leapmom.com/ukeol/c/ csgcargo.com/wp-content/d/ greenleafnaturalfarms.com/cgi-bin/h/ rucloset.com/gon/4/ pachiba.com/blogs/7/ betsdotbahisgiris.com/cgi-bin/I/ rawmeditations.com/wp-content/r/ # Reference: https://twitter.com/abel1ma/status/1321728085520117762 # Reference: https://app.any.run/tasks/d5fd0b9c-9fff-4953-b886-20b2b711262f/ 152.32.75.74:443 demowebsite6.club/wp-admin/wKm1/ jobmuslim.com/wp-admin/js/widgets/HrWFGwvcF/ visionmedia.vn/wp-includes/bjkuZ9LtT/ # Reference: https://twitter.com/Cryptolaemus1/status/1321705613492146176 visionmedia.vn/wp-includes/bjkuZ9LtT/ demowebsite6.club/wp-admin/wKm1/ itgallery.com.bd/backup/7/ jobmuslim.com/wp-admin/js/widgets/HrWFGwvcF/ airrlist.com/wp-includes/VBG/ ppinds.in/fonts/NnaS2zf/ yadanaraung.com/wp-content/zWNM/ # Reference: https://twitter.com/Cryptolaemus1/status/1321672520391680000 eclatcollection.com/kohler-14resa/YpUuby/ ismlm.xyz/wp-admin/P/ corsiwebonline.it/wp-content/yQqe7/ conclassdigital.com/wp-content/thTgRn/ jtech.com.vn/wp-includes/IhSNuI/ hijoaajakakhabar.com/cgi-bin/cHoz/ magicwandcompany.net/wp-includes/bRVTJyc/ saladrepublic.in/cgi-bin/WmRD/ # Reference: https://twitter.com/Cryptolaemus1/status/1321755092098441216 dishtvweb.com/cgi-bin/xnAWwP/ bindhyabasinitemple.com/wp-includes/f8U8g/ radiolevi.ro/wp-content/vDbB/ kartsms.com/wp/s/ blog.opospalia.eu/wp-admin/k/ paridhiyadav.com/wp-content/hc/ socalvending.com/wp-content/8z/ makkinouz-groupe.com/wp-includes/q/ # Reference: https://twitter.com/Cryptolaemus1/status/1321802724971843584 enjoymylifecheryl.com/wp-includes/FPNxoUiCz3/ homewatchamelia.com/wp-admin/qmK/ seramporemunicipality.org/replacement-vin/Ql4R/ imperfectdream.com/wp-content/xb2csjPW6/ mayxaycafe.net/wp-includes/UxdWFzYQj/ 420extracts.ca/cgi-bin/Ecv/ casinopalacett.com/wp-admin/voZDArg/ # Reference: https://twitter.com/Cryptolaemus1/status/1321778299379634177 innhanmachn.com/wp-admin/sA/ shomalhouse.com/wp-includes/ID3/IDz/ blog.martyrolnick.com/wp-admin/Spq/ frajamomadrid.com/wp-content/g/ pesquisacred.com/vmware-unlocker/daC/ medhempfarm.com/wp-admin/Lb/ ienglishabc.com/cow/2BB/ # Reference: https://twitter.com/Cryptolaemus1/status/1321838206040637440 tinytowntees.com/wp-content/TV/ 0377hhd.com/cgi-bin/ru/ easytigershop.com/wp-includes/css/GxWFH/M/ paisocial.org/wp-includes/X9D/ primecigarettes.com/wp-content/7/ evexiahk.com/wp-content/u2x/ bathroomnerds.com/wp-content/e/ # Reference: https://twitter.com/Cryptolaemus1/status/1321894855019298816 attenstyle.com/wp-admin/pB/ ningyangseo.com/wp-admin/8l/ mrveggy.com/erros/4/ aischoolofindia.com/wp-content/KFn/ vitrinapyme.com/wp-content/Jw/ trassierramotor.com/photo-gender/oz2/ codavatar.com/wp-content/MiU/ # Reference: https://twitter.com/Cryptolaemus1/status/1321933654478757901 supportessays.com/wp-admin/iuz/ royalempresshair.com/wp-content/upgrade/Fj/ acredales.com/thank_you/d/ mail.bursaevdenevenakliyat.link/jelab/YSS/ 180clubrealestate.com/wp-includes/0go/ albertoordonez.com/coinpot-faucet/vo8/ techofbeauty.com/cgi-bin/o0/ # Reference: https://twitter.com/Cryptolaemus1/status/1321931581741817859 foryoulady.com/wp-admin/H3Tu5s/ flem-cartoons.fr/wp-includes/Gogzje/ blog.19850120.xyz/wp-admin/VOfoZiU/ capellaevents.com/val-images/mD2zBip/ amirthafoundation.com/wp-admin/0KetV/ busyafnutrition.com.au/wp-admin/A83yfME/ sploong.net/cgi-bin/JsbuL5/ sygnalizujemy.pl/wp-admin/yj/ # Reference: https://twitter.com/Cryptolaemus1/status/1322054843247300608 vidadohomem.com/wp-content/v/ ecobaratocanaria.com/wp-admin/eR/ uxnew.com/old/89i/ tz004.com/ad_files/a0/ removepctrojan.com/wp-admin/b/ mycollegecp.com/content/jA/ legalempowermentindia.com/cgi-bin/Qs/ # Reference: https://unit42.paloaltonetworks.com/domain-parking/ # Reference: https://urlhaus.abuse.ch/url/494116/ valleymedicalandsurgicalclinic.com/ujftb/statement/wr7hoba7i9hz/ # Reference: https://www.virustotal.com/gui/file/66254770f3aa819dbb3dd005d6f8318bc29852bcb0ef77f6a251803dcdbca8ad/detection http://190.162.215.233 http://190.164.104.62 http://201.241.127.190 http://37.179.204.33 107.170.146.252:8080 154.91.33.137:443 173.212.214.235:7080 61.33.119.226:443 72.186.136.247:443 # Reference: https://twitter.com/neutrify/status/1321804354907705344 betsdothizligiris.com/cgi-bin/p8mjDNVlargHA2/ rantega.com/wp-includes/public/yipMhIIK0CJSqJW2LA/ innhanmachn.com/wp-admin/sA/ shomalhouse.com/wp-includes/ID3/IDz/ blog.martyrolnick.com/wp-admin/Spq/ frajamomadrid.com/wp-content/g/ pesquisacred.com/vmware-unlocker/daC/ medhempfarm.com/wp-admin/Lb/ ienglishabc.com/cow/2BB/ # Reference: https://paste.cryptolaemus.com/emotet/2020/10/29/emotet-malware-IoCs_10-29-20.html 117.2.139.117:443 2.58.16.89:8080 85.246.78.192:80 129.232.220.11:8080 100.37.240.62:80 73.100.19.104:80 183.176.82.231:80 202.134.4.216:8080 168.197.45.36:80 49.3.224.99:8080 189.34.181.88:80 58.94.58.13:80 190.164.104.62:80 213.52.74.198:80 181.120.29.49:80 134.209.144.106:443 78.90.78.210:80 101.187.81.254:80 109.190.35.249:80 201.171.244.130:80 201.241.127.190:80 77.78.196.173:443 81.215.230.173:443 190.29.166.0:80 2.82.75.215:80 85.105.111.166:80 66.76.12.94:8080 64.207.182.168:8080 209.141.54.221:7080 118.69.11.81:7080 172.86.188.251:8080 200.24.255.23:80 188.226.165.170:8080 109.206.139.119:80 24.133.106.23:80 193.251.77.110:80 51.89.199.141:8080 109.99.146.210:8080 102.182.93.220:80 181.58.181.9:80 62.171.142.179:8080 37.179.145.105:80 172.193.79.237:80 201.71.228.86:80 37.183.81.217:80 159.203.16.11:8080 41.185.28.84:8080 103.13.224.53:80 67.170.250.203:443 5.2.246.108:80 177.130.51.198:80 192.198.91.138:443 186.189.249.2:80 200.59.6.174:80 5.2.164.75:80 74.214.230.200:80 153.204.122.254:80 201.49.239.200:443 202.134.4.211:8080 192.175.111.212:7080 109.116.245.80:80 186.193.229.123:80 188.251.213.180:80 87.230.25.43:8080 60.249.78.226:8080 190.162.215.233:80 50.245.107.73:443 60.108.128.186:80 59.125.219.109:443 188.80.27.54:80 190.64.88.186:443 201.163.74.203:80 80.227.52.78:80 83.103.179.156:80 109.242.153.9:80 61.76.222.210:80 197.221.227.78:80 181.61.182.143:80 115.94.207.99:443 68.115.186.26:80 24.230.141.169:80 173.173.254.105:80 194.190.67.75:80 78.206.229.130:80 178.254.36.182:8080 94.23.62.116:8080 190.45.24.210:80 176.113.52.6:443 217.123.207.149:80 217.20.166.178:7080 5.12.246.155:80 190.180.65.104:80 200.243.153.66:80 2.45.176.233:80 179.222.115.170:80 181.123.6.86:80 119.59.116.21:8080 189.223.16.99:80 95.76.142.243:80 89.121.205.18:80 24.178.90.49:80 190.101.156.139:80 182.208.30.18:443 120.72.18.91:80 138.68.87.218:443 98.103.204.12:443 109.101.137.162:8080 24.135.69.146:80 187.162.250.23:443 70.39.251.94:8080 202.141.243.254:443 41.76.213.144:8080 190.92.122.226:80 123.142.37.166:80 74.40.205.197:443 189.123.103.233:80 79.118.74.90:80 119.228.75.211:80 172.105.13.66:443 95.9.5.93:80 169.1.39.242:80 88.153.35.32:80 187.193.221.143:80 190.202.229.74:80 186.70.56.94:443 27.114.9.93:80 173.63.222.65:80 110.37.224.243:80 37.179.204.33:80 82.76.52.155:80 103.236.179.162:80 181.59.59.54:80 94.230.70.6:80 # Reference: https://twitter.com/Cryptolaemus1/status/1322103743584833537 kharazmischl.com/w/okz/ help-m2c.eccang.com/pseovck27kr/n/ myfarasan.com/sitepage/z/ chengmikeji.com/dertouqua/Ocm/ enews.enkj.com/wordpress/bd/ ecobaratocanaria.com/wp-admin/ms/ cimsjr.com/hospital/4q/ akoonu.com/wp-admin/public/h3McN3xP5aGtcgjf4/ # Reference: https://twitter.com/Cryptolaemus1/status/1322096259281358848 pipesplumbingltd.com/DB/Yg2rsTn/ annabphotography.co.uk/wp-includes/WdHO/ childselect.com/cgi-bin/BSA/ movie-2free.com/cgi-bin/F/ sachcodoc.net/wp-admin/pOyZDC/ aramisconstruct.ro/wp-admin/Hpbd6/ manweikeji.com/wp-content/X/ farmapleland.com/wp-content/F/ # Reference: https://twitter.com/Cryptolaemus1/status/1322181156377415680 dotasarim.com/wp-admin/AYO/ servitekifix.com/wp-admin/nBJ/ dieteticienne-tiffany.com/wp-includes/p/ moralaree.com/journal/R/ mobis-autoloan.com/wp-content/76/ footballstep.com/cgi-bin/A/ naturalwaterresources.com/wp-content/XjR/ # Reference: https://twitter.com/Cryptolaemus1/status/1322176462150078465 da-industrial.com/js/9IdLP/ daprofesional.com/data4/hWgWjTV/ dagranitegiare.com/wp-admin/tV/ outspokenvisions.com/wp-includes/aWoM/ mobsouk.com/wp-includes/UY30R/ biglaughs.org/smallpotatoes/Y/ ngllogistics.africa/adminer/W3mkB/ # Reference: https://twitter.com/Cryptolaemus1/status/1322249061362208769 inbichngoc.com/wp-admin/K/ angiathinh.com/autotoxication/96F/ meshzs.com/wp-includes/p6/ dartzeel.com/wp-content/jHy/ zhidong.store/wp-content/BDY/ australaqua.com/wp-content/xIt/ nurmarkaz.org/designl/u/ # Reference: https://twitter.com/malware_traffic/status/1322292869584035841 # Reference: https://app.any.run/tasks/22ebd2c7-0e8d-4966-885a-e592345cf173/ 45.230.228.36:443 # Reference: https://twitter.com/neutrify/status/1322326661858250752 dotasarim.com/wp-admin/AYO/ servitekifix.com/wp-admin/nBJ/ # Reference: https://twitter.com/Cryptolaemus1/status/1323297480843403264 201.184.105.242:443 74.75.104.224:80 78.125.252.112:80 # Reference: https://twitter.com/Cryptolaemus1/status/1323356134233747461 105.184.126.15:80 154.127.113.242:80 5.2.182.7:80 # Reference: https://www.virustotal.com/gui/file/04fe8553d197a8433ea9c11a17806fefa6b8da562dc8e68aecf5899a433d16c3/detection http://80.227.52.78 167.71.13.58:8080 195.201.128.184:8080 # Reference: https://twitter.com/neutrify/status/1324839425340309504 pipesplumbingltd.com/DB/Yg2rsTn/ annabphotography.co.uk/p-includes/WdHO/ childselect.com/cgi-bin/BSA/ movie-2free.com/cgi-bin/F/ sachcodoc.net/p-admin/pOyZDC/ aramisconstruct.ro/p-admin/Hpbd6/ manweikeji.com/p-content/X/ farmapleland.com/p-content/F/ # Reference: https://www.virustotal.com/gui/file/6e7b92af945eb2de94528ce9dc2e5c2e28af3363f6726c75c2bbfb0f8d2ca2fe/detection 61.142.176.23:30339 1e62p84873.51mypc.cn # Reference: https://www.virustotal.com/gui/file/5167022959e19b004ebe4b82604ffbe83ece55964953c50cd539647a44a3d3b5/detection 83.35.213.87:7080 # Reference: https://twitter.com/JCyberSec_/status/1331933717678460929 hotwell.at # Reference: https://neurosoft.gr/wp-content/uploads/2020/12/Emotet-White-Paper-IOCs.pdf 0377hhd.com/cgi-bin/q/ 0377hhd.com/cgi-bin/ru/ 360www.ca/content/2/ 4pmedia.vn/wp-admin/docs/w7Dp3kbsjwHYVp3xIzjY/ 9c4i.cn/flightsearch/DOC/ZZofE663toMZcR/ aahnaturals.net/wp-includes/TX/ adidasyeezy.store/welph/m/ admvero.com.br/eleicao/EJcX/ africafoodworld.com/wp-admin/WD/ afriwaste.app/wordpress/N7L/ agily.fr/wp-content/INC/HYZgOObWGv0Dd0YS/ agriseason.africa/wp-includes/Juv/ agroproindia.com/cgi-bin/95r09UGlIj/paasologrp.com/parseopmlo/5/ aguemiimoveis.com/bond-market/73a/upcloudweb.com/content/a/ airrlist.com/wp-includes/VBG/ akoonu.com/wp-admin/public/h3McN3xP5aGtcgjf4/ allindiacrimepress.com allindiacrimepress.com/blogs/media/AO9/ amerifencewichita.com/indexing/4ZIF1OB9W2GK/Wvw5WKvUFnBFpOpJQG/ amicusdh.org/coaid/0g/ anjia-ceramics.com/aliner-camper/K/ annabphotography.co.uk/p-includes/WdHO/ apidocs.dcdial.com/wp-includes/H/ aramisconstruct.ro/p-admin/Hpbd6/ aryacreations.com/wp-includes11/tf/ avoyrakib.com/wp-admin/28/ avozdecamacari.com/home/000~ROOT~000/dev/shm/E/ bachhoanhale.com/wordpress/I/ bathroomnerds.com/wp-content/e/ bazarkotulpur.com/wp-content/0tu/ beta.zoneberry.com/bysyswexecf/x3/ betsdothizligiris.com/cgi-bin/p8mjDNVlargHA2/ bharatlearningsolutions.com/content/MNd/ bigprint.pictures/cgi-bin/o/ blackstonetutors-onlineportal.com/wp-includes/fm/ blog.martyrolnick.com/wp-admin/Spq/ bloglamtinh.com/wp-admin/N/ bnmintl.com/cgi-bin/Ibu/ bold-c.com/wp-admin/Ac/ bomfuturoadesivos.com/gallery_03f59a1cc20096539c7aec1b61d7471a/3e/ brasilcacambas.com.br/ breedenandsilver.com/wp-content/ix6/ brightcdr.com/wp-content/LNTELiq/ buesink.com/Pics-shower/ScE/ buybacksoft.com/old/5s/ bvlserramenti.net/wp-content/35280569593/kjLpBnrK6kLEgZ3/ calculafacturaluz.com/sys-cache/9W/ cavancart.com/staticmap/WR/ cearacultural.com.br/admin/itkfdUik4/ cefaly.club/themes/lA/ celestinastore.com/old/rB/ charlesze.com/content/z0lGKS/ chavezrob.com/wp-includes/zkd/ chemicalbusiness.com.br/wp-admin/sites/WJAKzmqhFV7fRahBTc/ chengmikeji.com/dertouqua/Ocm/ chengmikeji.com/wp-includes/sk/ chess-pgn.com/win-raid/l6T5/ childselect.com/cgi-bin/BSA/ childselect.com/cgi-bin/a/ childselect.com/cgi-bin/y/ cimsjr.com/hospital/4q/ comercialadvance.com/images/MFXxM5Tg/ converdrive.cl/administrative-assistant/onME1zxPMS/ coolfit.in/wp-content/ivi/ cplt20live.com/wp-includes/ae/ creationskateboards.com/shred/H/ criee-des-saveurs.com/wp-admin/public/STMm3p0jJDUqkWV/ da-industrial.com/js/A4/ daga88.com/reviewl/Tj0Ntc dailypharmajobs.com/cgi-bin/CyCdO/ datawyse.net ddazzlediamonds.com/advertisel/m/ demowebsite6.club/wp-admin/wKm1/ dev-tech.eu/demoshop/P0/ dieteticienne-tiffany.com/wp-includes/p/ dietherbsindia.com/assets/k8oo/ dijitalklinik.com/wp-admin/LYq/ divemed-tech.com/will-a/gjzE/ dlhagency.com/cgi-bin/8z/ dmtland.com/wp-admin/4k/ dotasarim.com/wp-admin/AYO/servitekifix.com/wp-admin/nBJ/ drwalidabdelgaffar.com/dentalia/lL/ duberysunglass.com/img/A/ e-machine.com.br/mailer/BjCInTq6b/ easytigershop.com/wp-includes/css/GxWFH/M/ ecobaratocanaria.com/wp-admin/eR/ ecobaratocanaria.com/wp-admin/ms/ ecommarket.xyz/uptown/LSm7vXy0v/ econews.treegle.org econews.treegle.org/how-to/2V/ edgeclothingmcr.com/indexing/c9/ eldahwa.com/9th-grade/F2Kw/ electronicsvibes.com/wp-includes/4N/ emmanuelmonastery.org/wp-admin/d/ emroozmarket.com/wp-content/2y/ enews.enkj.com/wordpress/bd/ engineering-2s.com/SS_Paypal/X/ englishmatters.hk/wp-admin/hDcXxqmeD8/ envirohubconsulting.co.za/cgi-bin/vI5/ eos-promo.com/hk-sgp/Tg4/ equipamentosmix.com/10/Bjky/ esse-outdoor.com/wp-admin/G6EJGCZE7MV/nHfGSKQ46euUGl/ events.medialogic.cloud/blazor-preventdefault/r8W/ evexiahk.com/wp-content/u2x/ evisualsoft-001-site3.atempurl.com/wp-content/C7/ exploreneuro.com/ps4-controller/w/ farmapleland.com/p-content/F/ ferreteriassolano.com/wp-content/x/ financiamentointeligente.com/wp-content/Fj/ finkarma.in/wp-admin/parts_service/VAdFw9JJj4DcC85StkyL/ florinconsultancy.com/wp-content/1/ footballstep.com/cgi-bin/A/ forsalebyowner247.com/wp-includes/8m/ fortunelabels.com/test/SZ/ foulgerteam.com/foulgerteam.com/i/ frajamomadrid.com/wp-content/g/ genyomalhas.com.br geosrt.com/atrabiliary/yfH/ giacimenti.wine givingthanksdaily.com/5Q/ goldenyemen.com/wp-admin/INC/RUoRW1W0oDKQg/ gordon-and-son.com/wp-includes/n/ grandages.org.my/office/y6Uz/ greensync.com.br gtech.thngo58.com/wp-includes/9zo/ gymmuscle.tk/wp-content/U8j1Bkh/ habiganjjournal.com/wp-content/TUQB/ hashilife.com/sitepage/GY/ help-m2c.eccang.com/pseovck27kr/n/ hodmunha.info/wp-includes/Ce/ homeabortionpillsrx.com/ext/N6SKd/ hoobiq.com/cgi-bin/Xyv/ hostimpel.com/js/q/ hottco.com/stats/lX/ housetutor.wasseela.com housetutor.wasseela.com/x2ekf/sWv/ housetutor.wasseela.com/x2ekf/tMR/ hrinternationalbd.com/selectar/h/ humanresourceslifeline.com/wp-content/Documentation/jMe4PpvS9x4QO8N6a1/ huwo.xyz/message/u/ icilimoges.com/wp-includes/Ym/ ictmisericordia.org/cgi-bin/c/ iei7.com/wp-admin/5ShKLn/ ienglishabc.com/cow/2BB/ imenbartariran.com/wp-admin/CZ/ inbichngoc.com/wp-admin/S/ infoquick.co.uk/business_card/RANADek/ inmobiliariaconfiaviv.com/wp-content/eTrac/BadR1jgkpBK/ innhanmachn.com/wp-admin/sA/ innhanmacquanaogiare.com/wp-includes/Jh1/ innoovation.com/blogs/sOKc4/ inspira-psicologia.com/css/F/ invaluablearts.com/6sn1f/t/mycollegecp.com/content/kRL/ inventorelectronica.com/wp-admin/M/ iq51.com/wp-admin/tBO/ isupportthecause.org/wp-includes/sbCBUzN/ itaalabama.org/wp-admin/LLC/433O2ew51Qg/ itgallery.com.bd/backup/7/ jespersen.org/carter/J/ jobmuslim.com/wp-admin/js/widgets/HrWFGwvcF/ johndaurizio.com/wp-includes/Uhp4cB5mgN/ jorgecoronel.com/webmaster/kYH/ kailaasa.ca/wp-admin/zeJssVj/ kbppp.ilmci.com/wp-includes/z/ kharazmischl.com/w/okz/ khudanculongdien.vn/wp-admin/HB/ kianyadak.com kianyadak.com/ik/M/ krais.co.il/wp-admin/b/ ladsbarbearia.com/wp-content/PI/ launch.tactikafacewear.com/wp-content/Uk/ legalempowermentindia.com/cgi-bin/Qs/ libidgel.edtsantos.com/attachments/tovx4Z21Z0vnneKNz/ lifegear.store/wp-admin/RsMLwQ/ lingbaojuan.com/cache/TSkvly/ lsmanga.com/migration/FaU/ luofox.com lylydressforless.com/wp-admin/ffV/99fabrics.com/wp-content/dGq/ mahfuzur32785.com/identify-the/IM/ mail.cozyreview.com/ mail.cozyreview.com/Ko8/econews.treegle.org/how-to/v/ mail.maxjalost.de/ogretmenevi/parts_service/atv5vHbwJLs/ mallowsvirtualcreatives.com/llfdsofdsfss/51C/ manweikeji.com/p-content/X/ mauriciosinjuicio.com/zoom-meeting/r/ mea.kaisariani.gr/tmp/eTrac/Wrinfk9rgr/ medhempfarm.com/wp-admin/Lb/ meeak.com/wp-admin/lcJ/ mentoringcue.com/cgi-bin/wRA/ methilinfotech.com/maliga/th/ michaelandrewsbakery.com/wp-admin/M/ mithraa.co/nMT/ mobis-autoloan.com/wp-content/76/ mohamedfouad84.cf/wp-admin/esp/6F6ZbRmOSh3Y/ mohamedsayed.com/wp-admin/Zt/ monicasharma.info/reviewl/i/ moralaree.com/journal/R/ movie-2free.com/cgi-bin/F/ movie-2free.com/cgi-bin/d/ mrveggy.com/erros/PO/ mycollegecp.com/content/jA/ myfarasan.com/sitepage/z/ mymathlabhomework.com/wp-content/o/ myseedology.com/cgi-bin/7GzFsT/ naturalwaterresources.com/wp-content/XjR/ novaworlds-muine.com/khudothiaquacity.com/a/ nucleokardecistalace.org.br/wp-includes/nHEnWi/ nursesweekparty.com/wp-includes/bQR/ nxyykj.com/wp-includes/public/fsjkKDRASoYBv/ olimpiadasolidaria.com/wp-snapshots/BM7ftDR7a/ onepalate.biz/wp-content_bak/Bc/ online2u.biz/ogretmenevi/4Yj/ onlinedatabasesolutions.com/cgi-bin/Documentation/nn7GTEoQPlnkrDJOVDgq/ optimisticdeals.com/wp-content/S/ ortodonciatafur.com/cgi-bin/Ntl3kiFM/ p4uclasses.com/wp-content/G/ paganwitch.com/wp-admin/0pd/ paikapua.com/a0brac3/Y/ paisocial.org/wp-includes/X9D/ pandebaik.com/_vti_bin/Y/ pearlcomputers.com.pk/bitcoin-apk/37qD0b/ personaltrainersindia.com/fonts/Q55X/ peruvianmister.com/wp-admin/browse/xHOyYgbYmWzNrIW2/ pesquisacred.com/vmware-unlocker/daC/ pgiso.com/wp-admin/mCQ/ pipesplumbingltd.com/DB/Yg2rsTn/ plakatjogja.com/wp-content/X/ poppylon.com/wp-admin/E22zho/ portal.digitalcompass.com/Styles/deeB/ portesobertes.proven.cat/wp-content/Overview/Ql24rtGdmlwBBY7I/ ppinds.in/fonts/NnaS2zf/ prabhatcycles.com/prabhatcycles/U1i7/ primecigarettes.com/wp-content/7/ prospershow.com/wp-content/I/ pxid360.com/wp-admin/PN/ qualitymathtutors.com/wp-content/GfE/ quicktowtowing.com/wp-content/mu-plugins/uMM/ raissamaison.com/wp-includes/EENf/ rantega.com/wp-includes/public/yipMhIIK0CJSqJW2LA/ removepctrojan.com/wp-admin/6/ removepctrojan.com/wp-admin/b/ riandutra.com/img/YX1/ right2liferx.com/admin/AcgEH/ rise-creative.com/cgi-bin/K/ rossie.in/wp/6L0U/ rovonize.com/email.rovonize.com.rovonize.com/M/ royalempresshair.com/wp-content/upgrade/Ete/ royalnight.in/wp/lEA2gXXBj/ rtjandxly.online/wp-content/kir/ rylh.vip/abeka-9th/d9/ sachcodoc.net/p-admin/pOyZDC/ safeabortionrx.com/ext/XII/ sanayate.com/wp-includes/hd/ sff3d.com/3d/xk/ sheriaspace.com/wp-admin/R/ shomalhouse.com/wp-includes/ID3/IDz/ shraddhacarrentalindore.com/wp-includes/M/ sinapsisenergia.com/customerl/tE/ singohotel.com/dashboardl/q/ sistaqui.com/wp-content/l2/ skysatservices.co.uk/cgi-bin/parts_service/O8xj3TSqVNo6OVs/ sorbonne-capital.com/wp-admin/G/ sorbonne-capital.com/wp-admin/Jip/ souryumon-alive.net souryumon-alive.net/VL/ speedypush.com/wp-includes/6/ statusquobrand.com/1/HS/ studyguidewithlakshmi.com/directory/v982c9VH5c/ supplementhouse.net/ swiftlogisticseg.com/wp-admin/jiX/ syracusecoffee.com/customer/jf/ tanger-soft.com/does-leaving/Kig/ tasagodigital.com/sitepage/iEK/ tatilburdur.com/scutum/KV/ tesson.in/tesson/Pages/OiqPrYbxxPz/ thepremiumplace.com/wp-content/5/ thestudio-ct.co.uk/events/P3/ thetechieforu.com/wp-includes/2/ theusacommunity.com/wp-content/WH/ tigerstormtraffic.com/wp-includes/h23/ tiktokvapes.com/wp-admin/xL/ timsonntag.com/cgi-bin/g/ tinytowntees.com/wp-content/TV/ tiplabor.com/images/Du1/ titanfurniture.store/wp-admin/paclm/vU6iaHwTjD/ treeremovalnerds.com/wp-content/7n5ut/ trungtamgioithieuvieclamdongnai.com/submit_form/sFO/ trungtammtc.com/wp-admin/LP/ twogirlscleaning.com/openbayl/KaI/ tz004.com/ad_files/a0/ udaysolopiano.com/wp-content/J/ ulkucusarkilar.com/networko/wN/ usasnet.com/forgottenl/gkT/ uxnew.com/old/89i/ vat201.com/calculator/itQ/ vidadohomem.com/wp-content/Eu/ vidadohomem.com/wp-content/v/ vikinggg.com/hydrolysis-of/bY/ virtual-event-service.com/assets/tW/ visionmedia.vn/wp-includes/bjkuZ9LtT/ vnadevelopers.com/wp-admin/BF/ vuatritue.com/wp-admin/Ux/ weapontoys.com/wp-content/Ok/ webgisjambi.com/wp-content/uploads/V5a/ widewebit.com/wp-admin/DOC/uDEzzms8hT/ wodsuit.com/ram-aisin/7r9/ yadanaraung.com/wp-content/zWNM/ yogeejee.com/wp-includes/b/ zagoradesertcamp.com/templates/u/ zero-finance.com/wp-content/6sa/ ziaonlinetutor.com/wp-content/a/ # Reference: https://twitter.com/VirITeXplorer/status/1340965185952092160 # Reference: https://twitter.com/Cryptolaemus1/status/1341014410119303168 # Reference: https://twitter.com/bomccss/status/1340967391602216960 # Reference: https://twitter.com/reecdeep/status/1340984037402419202 # Reference: https://twitter.com/bomccss/status/1341000147115786242 # Reference: https://twitter.com/Cryptolaemus1/status/1341093468991610881 # Reference: https://pastebin.com/sBJkarSY # Reference: https://app.any.run/tasks/94605ec6-f1cc-4fcb-8089-411f2e4bc12a/ accordiblehr.com/wp-admin/HdzyEn/ aeropilates.cl/wp-content/Service/ aktuel.marduk.kim/dooxi-fuel-hf09b/Logs/ alshuwail.com/cgi-bin/5/ amartaka.net/az-artifacts-kqlgo/I/ aramisconstruct.ro/wp-admin/uX/ ardenneweb.com/765779o900/re/ assecon.com.br/novoassecon/diagnostics/ azraktours.com/wp-content/NWF9jC/ bekape.co.id/_notes/SIGNUP/ biglaughs.org/smallpotatoes/rRwRzc/ blog.vishou.net/admin/font/ braam.com.br/c/oaA7YWWX/ brand360.vn/bljgz/93U/ cearacultural.com.br/admin/Sys/ cheetahridge.mediadevstaging.com/c/B/ comunicacaovertical.com.br/agencia/MtX/ countsquare.com/standardservices/mnR4/ elemsindikat.com.mk/shadow-vip-2pxdt/Pyh/ enableinfosolutions.com/old/q2V/ fi.bonitastores.com/n/WUGoZ/ friendsofchrist10.com/streamlabs-obs-rarso/SIGNUP/ genzmag.com/ratings/VQ8n/ goldcoastoffice365.com/temp/X/ goldilockstraining.com/wp-includes/bftt/ guojiazui.com/b/y0QnnWbk/ heaventoearth.com/360views/xu/ helionspharmaceutical.com/wp-admin/oXJB/ infosisconsultancy.com/wp-includes/d60/ iog.com.cn/css/Sys/ jarodcharity.org/wp-includes/9ocR/ jeffdahlke.com/css/bg4n3/ josegene.com/theme/gU8/ jpkiselavoda.mk/advertising/Pl1SS/ ko-racingshop.com/account-eu/Y6W/ lixko.com/wp-includes/VGX/ mateusz1infa.5v.pl/titan-structures-dotzt/Rl555/ megasolucoesti.com/R9KDq0O8w/Microsoft.NET/ mobgroup.com.br/wp-content/font/ mrveggy.com/erros/s0/ musickidsprogram.com/wp-includes/2huOL/ nguyenphuchn.com/wp-content/iN/ norailya.com/vendor/1j/ palladium.tdmcdev.co.za/nsw-gold-h4ld3/2d/ parakkunnathtemple.com/bckup/7SDAvi/ paulscomputing.com/CraigsMagicSquare/H/ pellesbar.co.il/wp-content/microsoft/ phasdesign.com/wordpress/MSInfo/ pos-egypt.com/wp-content/xTr/ preparateparaloquevenga.com/predisi-tgl-jlpml/jjvCL/ qualcommmedia.com/wp-includes-old/m4/ resuco.net/wp-content/uploads/2020/12/S0K/ riandutra.com/img/dRWJ5aN5/ schooldz.co/wp-content/v/ siamimplement.co.th/images/System32/ snjwellers.com/wp-includes/esttW/ swallow.tdmcdev.co.za/accident-on-wh7ag/x/ talkischeap.co.za/4-pin-iscru/t7k/ themesgiant.net/wp-content/microsoft/ themoviebazar.com/2007-bmw/Help/ thoitrangtrungnienkim.vn/wife-AND/Help/ unikaryapools.com/wp/Speech/ vilajansen.com.br/loja_old_1/System32/ vod.vishou.net/data/6hCNth/ whytech.info/wp-includes/HceUxFK/ zebaorganics.com/wp-admin/en-US/ # Reference: https://neurosoft.gr/wp-content/uploads/2020/12/Emotet-White-Paper-IOCs.pdf 115.165.3.213:80 123.216.134.52:80 89.2.145.86:80 186.32.90.103:443 27.73.70.219:8080 104.131.103.128:443 85.96.199.93:80 147.91.184.91:80 70.116.143.84:80 118.2.218.1:80 66.65.136.14:80 97.107.135.148:8080 181.126.74.180:80 174.102.48.180:80 153.220.182.49:80 115.135.158.13:80 24.249.135.121:80 180.23.53.200:80 2.84.135.163:80 179.15.102.2:80 41.40.125.237:443 65.111.120.223:80 85.25.207.108:8080 105.185.152.15:80 38.18.235.242:80 51.254.140.91:7080 209.143.35.232:80 85.75.49.113:80 116.202.23.3:8080 94.96.60.191:80 194.166.147.143:80 186.222.250.115:8080 2.85.9.41:8080 187.207.207.16:80 191.97.154.2:80 91.83.93.99:7080 209.54.13.14:80 181.56.32.36:80 186.20.52.237:80 164.160.45.41:8080 14.241.182.160:80 61.118.67.173:80 5.189.168.53:8080 94.49.254.194:80 2.84.12.98:80 51.75.163.68:7080 189.194.58.119:80 221.147.142.214:80 85.59.136.180:8080 67.241.24.163:8080 200.116.93.61:80 70.180.43.7:80 72.10.36.104:8080 64.183.73.122:80 94.102.209.63:7080 93.151.186.85:80 201.213.156.176:80 24.232.36.99:80 2.58.16.85:7080 91.213.106.100:8080 181.169.235.7:80 223.135.30.189:80 186.109.152.201:80 181.80.129.181:80 109.190.249.106:80 188.40.170.197:80 181.114.114.203:80 181.126.54.234:80 78.101.224.151:80 195.7.12.8:80 169.1.211.133:80 202.4.57.96:80 86.123.55.0:80 182.176.95.147:80 85.214.28.226:8080 41.106.96.12:80 76.121.199.225:80 220.106.127.191:443 104.251.33.179:80 173.212.197.71:8080 82.78.179.117:443 109.169.12.78:80 202.4.58.197:80 82.163.245.38:80 192.187.99.90:8080 209.126.6.222:8080 192.158.216.73:80 178.128.14.92:8080 62.108.54.22:8080 38.111.46.46:8080 67.10.155.92:80 24.135.198.218:80 189.35.44.221:80 5.9.227.244:8080 159.203.116.47:8080 153.92.4.96:8080 190.212.133.239:443 92.23.34.86:80 155.186.9.160:80 60.108.144.104:443 66.228.49.173:8080 46.22.116.163:7080 51.75.33.122:80 105.213.67.88:80 75.188.96.231:80 185.33.0.233:80 197.245.25.228:80 173.68.199.157:80 197.249.6.179:443 187.49.206.134:80 97.104.107.190:80 212.198.71.39:80 181.74.0.251:80 76.171.227.238:80 81.129.198.57:80 179.191.239.255:80 190.117.79.209:80 98.174.164.72:80 187.64.128.197:80 178.238.232.46:443 94.206.45.18:80 175.143.12.123:8080 173.249.6.108:443 105.186.233.33:80 118.110.236.121:8080 202.5.47.71:80 180.21.3.52:80 203.205.28.68:80 199.101.86.142:8080 74.219.172.26:80 108.26.231.214:80 219.75.128.166:80 67.163.161.107:80 89.186.91.200:443 5.196.108.185:8080 99.224.14.125:80 202.22.141.45:80 27.7.14.122:80 45.33.35.74:8080 208.180.207.205:80 153.164.70.236:80 101.50.232.218:80 178.87.171.199:80 80.87.201.221:7080 104.131.92.244:8080 195.181.215.65:4143 185.63.32.149:80 95.85.151.205:80 111.89.241.139:80 153.163.83.106:80 185.232.182.218:80 73.84.105.76:80 1.54.67.22:80 118.7.227.42:443 96.126.101.6:8080 51.38.50.144:8080 145.236.8.174:80 188.166.25.84:8080 76.168.54.203:80 118.70.15.19:8080 213.181.91.224:80 123.51.47.18:80 119.106.216.84:80 72.249.144.95:8080 2.36.95.106:80 116.125.120.88:443 176.9.93.82:7080 5.153.250.14:8080 93.20.157.143:80 87.98.218.33:7080 104.193.103.61:80 92.24.51.238:80 182.187.139.200:8080 94.124.59.22:8080 149.202.5.139:443 190.151.5.131:443 # Reference: https://pastebin.com/raw/Di0gDrDC 74.128.121.17:80 190.114.254.163:8080 81.213.175.132:80 113.163.216.135:80 58.1.242.115:80 200.111.198.76:80 103.229.72.197:8080 181.165.68.127:80 79.118.72.250:80 195.159.28.244:8080 45.230.45.171:443 37.247.101.241:8080 45.4.32.50:80 190.147.84.191:443 172.245.248.239:8080 27.78.27.110:443 168.121.4.238:80 110.145.11.73:80 5.2.212.254:80 80.15.100.37:80 24.69.65.8:8080 172.125.40.123:80 191.223.36.170:80 72.188.173.74:80 177.254.134.180:80 69.159.11.38:443 136.244.110.184:8080 185.201.9.197:8080 178.62.254.156:8080 186.222.53.247:8080 163.53.204.180:443 47.144.21.37:80 50.246.154.69:80 208.74.26.234:80 180.232.111.30:80 152.170.205.73:80 192.232.229.53:4143 161.0.153.60:80 111.67.12.222:8080 201.127.11.90:8080 188.225.32.231:7080 93.148.247.169:80 108.21.72.56:443 45.184.103.73:80 181.171.209.241:443 70.32.89.105:8080 203.160.167.243:80 1.234.65.61:80 110.39.160.38:443 177.85.167.10:80 115.79.119.206:443 190.146.92.48:80 202.79.24.136:443 144.217.7.207:7080 190.251.216.100:80 51.89.36.180:443 172.104.46.84:8080 110.39.162.2:443 189.191.59.232:443 190.18.184.113:80 122.201.23.45:443 186.146.13.184:443 182.73.7.59:8080 186.146.229.172:80 24.245.65.66:80 # Reference: https://app.any.run/tasks/1a576ee4-6e2c-4bda-abd2-f240731f6066/ 45.33.54.74:443 209.141.41.136:8080 104.236.246.93:8080 # Reference: https://app.any.run/tasks/4c47eb6e-9649-41a2-a405-4cd10a4a25dc/ http://197.87.160.216 laserhuayna.com # Reference: https://www.virustotal.com/gui/file/551910c092733b7324c377351583667a6389e76f8e36f1ee73c82d354f970cbc/detection 50.116.111.59:8080 countsquare.com/standardservices/mnR4/ infosisconsultancy.com/wp-includes/d60/ jpkiselavoda.mk/advertising/Pl1SS/ ko-racingshop.com/account-eu/Y6W/ yourdrugsassist.com # Reference: https://twitter.com/Cryptolaemus1/status/1341364879782010883 aciparis.com/content/Cs/ alsaudiacuttingmaster.com/anticalculous/LA/ alshuwail.com/cgi-bin/5/ amyzeng.net/content/mgms/ anjumanclick.com/q/kvM/ aramisconstruct.ro/wp-admin/uX/ atom.lk/wp-content/DL/ bellevueairductcleaning.com/wp-admin/zK/ bienhoacitysq.com/wp-content/xYp/ brand360.vn/bljgz/93U/ dagranitegiare.com/wp-admin/jCH/ datnenduanbd.com/public_html/Dezl7/ dive-hoian.com/_file-manager/sO/ drakoranime.com/wp-admin/rN/ dreamwithdell.com/wp-includes/pX/ duocnhanhoa.com/wp-admin/J5JbVEY/ dupuisacademy.com/projects/media/v/ ecomdemo2.ogsdev.net/wp-content/zWWB/ expeditionquest.com/X/ football-eg.com/web_map/n/ game.vlexor.com/links14/WUSs/ geoffoglemusic.com/wp-admin/x/ greaudstudio.com/docs/FGn/ hbprivileged.com/cgi-bin/kcggF/ imkol.hk/photo_search/3kc/ johnhaydenwrites.com/track_url/P/ koreankidsedu.com/wp-content/2cQTh/ lavenderkart.com/blogs/nZP5c/ legion.com.pk/__MACOSX/pT3h/ localaffordableroofer.com/ralphs-receipt-f2uhf/qTT5DC/ luxuryavenew.com/wp-admin/RIl1/ mundoahorronline.com/wordpress/2S1/ nahlasolimandesigns.com/nahla3/d/ penambahberatbadan.info/r/pXPKwJ/ pinkista.net/wp-includes/B/ pox23.io/wp-content/I/ sageartisan.com/wp-content/1KsvR/ sancydubai.com/setupconfigo/R9/ sanolifescence.com/cgi-bin/E/ suriagrofresh.com/serevers/MVDjI/ talktalkenglish.vn/database/v/ thaithienson.net/wp-admin/EksZXO/ thienloc.org/data-sgp-kgfig/AaK/ venuspowerbd.com/wp-includes/bLm/ vietnhabienhoa.com/wordpress/QUTy/ wellnursesmartnurse.co.za/wp-admin/HFdox/ yellomosquito.com/wp-includes/w/ zenithcampus.com/l/yQ/ zhongshixingchuang.com/wp-admin/OTm/ # Reference: https://www.virustotal.com/gui/file/07954a3e04bf45308251fa489e56c8b119621131ec4617553fc17ae1e98e051b/detection 4kbutsho.xyz chiangmainightsafari.com/wp-admin/lrPiggcI/ freeresellerserver.com jiohosting.xyz # Reference: https://www.virustotal.com/gui/file/dc3f7f19ed2df8acaa0e1a78da4a9a796e88eed1ee2528983c4327eeeed3a619/behavior inter-mvietnam.com/wp-content/nxcrv2/ qa-home.com/dlkc3/f0x0011/ # Reference: https://twitter.com/Cryptolaemus1/status/1343627325607469057 # Reference: https://twitter.com/Cryptolaemus1/status/1343660665140084744 # Reference: https://twitter.com/Cryptolaemus1/status/1343665050423353345 # Reference: https://twitter.com/Cryptolaemus1/status/1343678997339766784 # Reference: https://twitter.com/Cryptolaemus1/status/1343697973176389633 # Reference: https://twitter.com/Cryptolaemus1/status/1343822792505102336 # Reference: https://twitter.com/Cryptolaemus1/status/1343845723348021249 http://206.189.146.42/wp-admin/F0xAutoConfig/XR9/ aaskuu.com/ALFA_DATA/97Z/ alabamaballdrop.com/wp-includes/kef1U/ alsaudiacuttingmaster.com/afterpiece/cH/ andeanreach.com//MSInfo/ batdongsanvip.com.vn/wp-content/jHkl/ beidou.run/Acoemeti/VGX/ bharattimeslive.com/wp-content/Jm2pO/ cashyinvestment.org/wp-content/IH/ coastlinepoolspa.com/wp-content/S88uK/ codsambal.com/wp-admin/6NEEEtf/ dr-yasser.com/wordpress/JNS/ dupuisacademy.com/projects/media/Me6bB/ gacetaeditorial.com/p/TYkn/ gjorgji.com/1v1lol-unblocked/JRuP/ harmonimedia.com/wp-content/uploads/Zol/ helionspharmaceutical.com/wp-admin/Yg/ hmhaliyikama.com/site_map/SpeechEngines/ kolerkar.com/wp-snapshots/aRfdr7HT1/ lainiotisllc.com/postauth/7XhB/ lnfch.com/wp-includes/quC/ memoria.od.ua/wp-admin/GbLB2/ modernortodonti.com/thankyou1/QE5y6jiy/ mumglobal.com/content/Z/ nahlasolimandesigns.com/wp-admin/0HHK7/ ncap.lbatechnologies.com/media/6iQ/ norailya.com/drupal/Stationery/ onevoice.co.in/best-selling-wcc/d3/ paroissesaintabraham.com/wp-admin/H/ penambahberatbadan.info/x/inf/ phasdesign.com/wordpress/G/ praticideas.net/wp-content/inf/ qualcommmedia.com/wp-includes-old/rW1/ savedahorses.org/wp-content/xH/ scope-sci.org/kahoot-bot-tj6t0/22/ secretmassageclub.co.uk/wp-includes/inf/ sevensteel.com.tr/wp-content/syi4964/ siitav.net/cuim/data/2/ sistempark.net/wp-includes/7AP/ theo.digital/wp-admin/E/ tillmoon.lt/wp-includes/P/ tools.apecsoft.asia/application/O/ tudatosmarketing.hu/wp-includes/EWiggLh/ turbo-services.com/C:/hE1eMB/ worldcologistics.co.za/wp-includes/BVO1P/ xiaowo.ltd/wp-content/g/ # Reference: https://twitter.com/malware_traffic/status/1343630789683118081 190.210.246.253:80 46.101.230.194:443 karsonhomecare.com/wp-includes/Yo/ # Reference: https://twitter.com/Cryptolaemus1/status/1344007302014238720 freejobalertcom.xyz/wp-admin/858/ jarininternational.com/wp-includes/k8buV/ juju.jebcom.de/errordocs/I0K/ lapcare.com/wp-content/o2BwO/ multitools.gr/wp-content/zo/ sinclair-electrical.com/wp-includes/LmhG/ vissermalin.com/wp-content/vQ5/ # Reference: https://twitter.com/Cryptolaemus1/status/1344007302014238720 achutamanasa.com/garmin-pro-fei8o/mW/ fmcav.com/images/7FV4Nd/ geoffoglemusic.com/wp-admin/7C11oAC/ geosrt.com/aqqhwdap/l0/ johnloveskim.com/a/Tff/ removepctrojan.com/wp-admin/ak0chH/ theprajinshee.com/otherfiles/wAFP/ # Reference: https://twitter.com/Cryptolaemus1/status/1343954297512468482 alrlawsv.com/explain-functions-kuubxdu/4LAy/ arefhasan.com/wp-admin/z/ bidwincash.com/wp-admin/8NUY/ messenger-courier.com/content/Service/ psishops.com/wp-admin/MSInfo/ redmanns-way.com/jeff-intervention-txqikkf/Engines/ # Reference: https://twitter.com/Cryptolaemus1/status/1343972777041272833 91damimi.com/wp-admin/V/ athenaat.com/content/MSInfo/ fraud.bpcbankingtech.com/wp-content/Logs/ nichimanabi.com/wp-content/en-US/ shop.schlachtstall.de/wp-content/microsoft/ sturing.info/thumbnails/Engines/ # Reference: https://twitter.com/Cryptolaemus1/status/1343911941140606977 cahyaproperty.bbtbatam.com/mhD/ coshou.com/wp-admin/EM/ depannage-vehicule-maroc.com/wp-admin/c/ dieuhoaxanh.vn/wp-admin/a/ familylifetruth.com/cgi-bin/PPq7/ techworldo.com/cgi-bin/gcZ/ todoensaludips.com/wp-includes/9/ # Reference: https://twitter.com/Cryptolaemus1/status/1344019961803628545 dynamicsteels.com/can-you-lpy7p/MaJIcT/ lixko.com/wp-includes/LEq9VJd/ members.nlbformula.com/cgi-bin/vazlwkU/ srishtiherbs.com/jms/bq8/ surfboarddigital.com/carol-stream-i7lsj/8e/ unikaryapools.com/wp/ysFiRq1 zhongshixingchuang.com/wp-admin/N2X3/ # Reference: https://twitter.com/Cryptolaemus1/status/1344025733874782208 adnlight.com/v/Q/ nicoblogroms.com/wp-includes/IZj/ shortnr.xyz/wp-content/zBgK/ taylordbackups.com/wp-includes/Dfp/ thexanhmy.com/chCounter/t/ valenciancountry.com/wp-includes/kppS/ vicharemasala.com/wp-admin/1pXep/ # Reference: https://twitter.com/Cryptolaemus1/status/1344032119996248064 fundglobally.org/googleLib/7on/ heartssetfree.org/9c950e/tw/ kiralikbahissitesii.com/wp-admin/A/ mt4-ea.vip/sys-cache/bAAN/ paulscomputing.com/CraigsMagicSquare/csrJgJZ/ talentztech.com/histioid/X3/ tecshop.website/wp-includes/kZK/ # Reference: https://twitter.com/Cryptolaemus1/status/1344034210823208962 amarguwahati.com/wp-includes/bx7PZR/ dorotheesausset.com/wp-content/Sys/ events.ileafconnects.com/cgi-bin/System_32/ looksociety.org/membership-mail/bb0EIUyTb/ muahangvietmy.com/wp-admin/css/colors/light/Help/ thedesirelife.com/wp-content/Microsoft.NET/ # Reference: https://twitter.com/SecSome/status/1344041101871755276 # Reference: https://app.any.run/tasks/c67ce985-eaae-41d9-9a4c-4af5cfe12906/ http://191.112.178.60 http://24.231.88.85 ongpassoapasso.com.br/r/1IYaxeIKDTISrYMpRRWckdwE7/ # Reference: https://twitter.com/Cryptolaemus1/status/1344182362486222848 appliancebuddy.in/wp-includes/m7R/ rogerbaulenas.com/j/Z96X/ rossdom32.ru/t/wSF/ sasksseed.mymonolith.com/wp-admin/xb/ taradhuay.com/c/4/ thetradepad.co.uk/test/w/ vidular.es/wp-content/K3zbi/ # Reference: https://twitter.com/Cryptolaemus1/status/1344190890898821121 atprofessional.org/wp-content/O6Vey/ iut-bethune.univ-artois.fr/benefits-of-hhnzoet/T/ mypostletter.com/wp-admin/G3/ skyeconsultoria.com.br/wp-admin/co/ talentvalue.com/wp-admin/DEoUM/ trueapparels.com/a/4k/ xportfreight.com/wp-content/c/ # Reference: https://twitter.com/Cryptolaemus1/status/1344200712851509248 astrologiaexistencial.com/l/L/ bandarabbad.com/wp-admin/Lo5kEa/ bereketsutesisatcisi.com/wp-content/xhGs43c/ myphamjapan.com/dup-installer/db/ ngrehab.biz/wp-includes/TCWeeN/ sahla-ad.com/wp-content/a/ swiftlogisticseg.com/wp-admin/VE9h0jj/ # Reference: https://twitter.com/Cryptolaemus1/status/1344205847778488320 artas.biz/c/System/ ausutra.com/wp-admin/Logs/ institutmestres.com/wp-includes/n7Fl9WDm/ noithatcongnghieptantien.com/wp-content/Fonts/ sislog.es/wp-admin/MSInfo/ spmkomputer.com/kasir/diagnostics/ # Reference: https://twitter.com/Cryptolaemus1/status/1344226198252093441 alkamefood.com/y/P/ goldenboyatl.com/img/Ls0/ pom-poo.hk/wp-admin/EFo4q/ shopchailo.com/wp-content/bsQN/ studentloananalyzer.com/wp-admin/2aPL/ vasumadhi.com/cgi-bin/L1DCI/ veertua.com/wp-content/HE/ # Reference: https://twitter.com/Cryptolaemus1/status/1344273969067794432 blogs.g2gtechnologies.com/blogs/v/ insvat.com/wp-admin/Dw/ littleindiadirectory.com/l/TOYuT/ pattayastore.com/visio-network-1hmpp/j5/ rsimadinah.com/wp-content/16qT/ sureoptimize.com/well-known/QsEs/ tenmoney.business/wp-content/nhW/ # Reference: https://twitter.com/Cryptolaemus1/status/1344354848876220416 ellinismos1922.gr/log/c99FG/ linkejet.com.br/cgi-bin/UQ/ mediatorstewart.com/service-msc/3zZLr/ nuocmambamuoi.vn/wp-admin/Ty/ wi360.com/wp-content/u/ wolffsachs.com/wp-content/UKZw/ ycspreview.com/shubham/h7qna/ # Reference: https://twitter.com/K_N1kolenko/status/1344588192117305344 catchpoolshetlands.co.uk/border-design-fjk/ohTJ/ demondkapjesman.nl/cgi-bin/4EbMS/ freelancero.nl/wp-content/3r2/ homegym.vn/stillicide/z/ malerei-wiesner.de/wp-includes/2ww4/ sbninspections.com/wp-content/Y71zQ/ wcpaherrin.net/q/jg/ # Reference: https://twitter.com/K_N1kolenko/status/1344598909453283329 http://18.179.187.145/licenses/Sys/ luoyb.com/wp-includes/rUhBVqXWAV/ malaysianscoop.com/img/MSInfo/ office.horussolution.com/files/Help/ somatone.atakdev.com/plesk-stat/Stationery/ uk-bet.com/wp-content/Media/ # Reference: https://twitter.com/malware_traffic/status/1344329625162407937 89.163.210.141:8080 # Reference: https://twitter.com/abel1ma/status/1344416924382285824 gadgetscs.com/y/LRaS1Fw/ trytuc.com/well-known/Triedit/ # Reference: https://twitter.com/Cryptolaemus1/status/1346138696769302529 admintk.com/wp-admin/L/ etkindedektiflik.com/pcie-speed/Engines/ freelancerwebdesignerhyderabad.com/cgi-bin/S/ hintup.com.br/wp-content/dE/ holonchile.cl/cgi-bin/font/ indemnity360.com/nsw-highways-yqgdk/Sys/ mikegeerinck.com/c/YYsa/ norailya.com/drupal/n0uJoiR/ praticideas.net/wp-content/en-US/ stmarouns.nsw.edu.au/paypal/b8G/ ummahstars.com/app_old_may_2018/assets/Help/ wm.mcdevelop.net/content/6F2gd/ # Reference: https://twitter.com/Cryptolaemus1/status/1346191933329313797 anakhita.com/wordpress/Pt/ etbnaman.com/wp-admin/V0Sv/ ezdesigns.net/ALFA_DATA/h/ labasedespatriotes.net/wp-content/tGjE/ menol.eu/wp/mT/ spovahealth.com/z/Vb/ youyouwj.com/b/HW/ # Reference: https://twitter.com/Cryptolaemus1/status/1346198468918976514 dayimachine.com/automator-mouse-xoq9e/aY9/ doctorww.com/22-hp-ak4yp/LRWLZ2/ elaheanahita.org/a/sbzLscs/ ibelieveonline.org/wp-content/FvSP7/ mt4-ea.vip/sys-cache/62y7sA/ ultimatesoftwarenet.com/wp-content/6rXDH9/ whytech.info/wp-includes/oa/ # Reference: https://twitter.com/Cryptolaemus1/status/1346234313843613702 assecon.com.br/novosite/0fgb09/ blog.luozhou.xyz/wp-includes/en-US/ greensync.com.br/bloqueio/SIGNUP/ helionspharmaceutical.com/wp-admin/Fonts/ moraniz.co.il/wp-content/inf/ salas.co.uk/phyllis/Systems/ # Reference: https://twitter.com/Cryptolaemus1/status/1346241673446248450 app.e-paylinks.com/cgi-bin/GBbzq/ benzatine.com/wp-admin/vafW4/ bikemyday.se/wp-includes/gxz9/ cdhrsom.org/wp-admin/Z/ smartgrocerysl.com/content/dLM/ thekays.ca/wp-includes/h/ thinkbrief.cn/wp-includes/i/ # Reference: https://app.any.run/tasks/e05cfe35-fac0-41c5-aa2a-475d7af96998/ http://125.0.215.60 # Reference: https://twitter.com/bomccss/status/1346362798482227200 givingthanksdaily.com/qlE/VeF/ petafilm.com/wp-admin/4m/ # Reference: https://twitter.com/Cryptolaemus1/status/1346415035204177923 img.oipeirates.pro/wp-includes/inf/ mojwear.de/wp-includes/x907s3BY/ nicoblogroms.com/reviews-of-rcbim/QBaTch/ omnitech.asia/pressthisl/System32/ taradhuay.com/c/vrODk/ teelekded.com/cgi-bin/Services/ # Reference: https://twitter.com/Cryptolaemus1/status/1346430545174142977 comunicacaovertical.com.br/agencia/D0sJl/ datawyse.net/5VGI0/ fathekarim.com/images/jiC/ radioclype.scola.ac-paris.fr/wp-admin/js/widgets/6S transfersuvan.com/wp-admin/1114R/ trumpcommunity.com/usa-no-uykjh/wcS/ upafrique.com/cgi-bin/iFmg/ # Reference: https://twitter.com/Cryptolaemus1/status/1346436857257574400 campusexpo.org/department-of-odhmmkd/95eXZY/ khanhhoahomnay.net/wordpress/CGMC/ sgurztac.wtchevalier.com/wp-content/YzZ6YZ/ shop.elemenslide.com/wp-content/n/ sofsuite.com/wp-includes/2jm3nIk/ veterinariadrpopui.com/content/5f18Q/ wpsapk.com/wp-admin/v/ # Reference: https://twitter.com/neutrify/status/1346468155879612429 fnjbq.com/wp-includes/rlR/ sakhisuhaninarijeevika.com/wp-includes/CvGUjvE/ somanap.com/wp-admin/P/ wap.zhonglisc.com/wp-includes/QryCB/ zieflix.teleskopstore.com/cgi-bin/Gt3S/ # Reference: https://twitter.com/Cryptolaemus1/status/1346490798142083074 ancorals.com/aminophenol/Stationery/ eco-mykolaiv.info/f/debug/ ehteknology.com/wp-includes/en-US/ imedu.org/u/cV/ omarisouza.com/cgi-bin/Systems/ smartintelligentsolutions.com/content/microsoft/ # Reference: https://twitter.com/Cryptolaemus1/status/1346536935989391362 astrologiaexistencial.com/l/4bm8/ dirgantaratuba.com/cgi-bin/PX4K/ mail.ninosindigochile.cl/1989-gmc-oq21w/ZVTCY/ mirvalgroup.com/wp-includes/FOeYo/ unimedunihealth.com/wp-includes/E/ walkerswebshop.com/images/O7/ wp.gensoukyou.org/souzinv_old/1a/ # Reference: https://twitter.com/Cryptolaemus1/status/1346556090050375680 789hosteley.com/content/NZrE/ exitocorp.com/content/0ygHR/ hss.mamoni.info/content/b/ kongjiantang.com/s/It1c/ phonghoinghi.com/wp-admin/TkBD/ theloveiskindnetwork.com/wp-includes/V/ ushomestyle.com/wp-content/gfhX/ # Reference: https://twitter.com/BushidoToken/status/1346440874759172096 inspired-automotive.co.uk/wp-content.BAK_2020-05-13/w1XXLqtnEj7nijbg1qOGmIDzwcRH/ # Reference: https://paste.cryptolaemus.com/emotet/2021/01/04/emotet-malware-IoCs_01-04-21.html 165.22.246.219:8080 49.205.182.134:80 167.71.4.0:8080 190.162.232.138:80 203.157.152.9:7080 95.76.153.115:80 90.160.138.175:80 178.152.87.96:80 186.147.237.3:8080 173.249.20.233:443 110.172.180.180:8080 186.96.170.61:80 85.247.144.202:80 125.0.215.60:80 89.106.251.163:80 24.231.88.85:80 197.211.245.21:80 97.120.3.198:80 172.193.14.201:80 88.247.30.64:80 190.136.176.89:80 162.144.212.120:8080 167.71.148.58:443 5.83.32.101:80 78.189.148.42:80 103.124.152.221:80 70.183.211.3:80 31.27.59.105:80 82.48.39.246:80 82.208.146.142:7080 113.161.176.235:80 181.124.51.88:80 154.0.8.2:443 191.241.233.198:80 78.188.225.105:80 211.215.18.93:8080 189.34.18.252:8080 70.92.118.112:80 139.5.101.203:80 75.188.107.174:80 173.70.61.180:80 75.177.207.146:80 66.57.108.14:443 190.247.139.101:80 93.146.48.84:80 74.222.117.42:80 189.211.214.19:443 201.212.201.127:8080 201.143.224.27:80 24.230.124.78:80 180.52.66.193:80 188.165.214.98:8080 47.150.238.196:80 98.109.133.80:80 84.5.104.93:80 138.197.99.250:8080 157.245.145.87:443 152.170.79.100:80 114.158.126.84:80 167.99.105.11:8080 181.136.190.86:80 2.80.112.146:80 201.75.62.86:80 93.149.120.214:80 84.232.252.202:443 5.2.136.90:80 75.109.111.18:80 59.21.235.119:80 201.193.160.196:80 157.245.123.197:8080 # Reference: https://www.virustotal.com/gui/file/d0e180cf891b1138e9fa24f47885ec8e9b936a2c1f757f868e7063baf2f27e02/detection http://54.36.185.63 # Reference: https://www.virustotal.com/gui/file/9271631901e43b43d23922acec11166070e3ef673ef6e60e1c0fb9eafca14a16/detection etkindedektiflik.com mantaspesadas.com newtabletmall.com ozonerenovaters.co.za sezard.com zakariabek.com # Reference: https://twitter.com/Cryptolaemus1/status/1349016166916911107 capturetheaction.com.au/wp-includes/Yjp/ mmo.martinpollock.co.uk/a/SQSGg/ mybusinessevent.com/tiki-install/e/ shulovbaazar.com/c/bcL6/ thenetworker.ca/comment/8N4/ trayonlinegh.com/cgi-bin/HBPR/ uhk.cncranes.com/ErrorPages/3/ # Reference: https://twitter.com/Cryptolaemus1/status/1349059123753742337 agricampeggiocortecomotto.it/wp-admin/s7p1/ avadnansahin.com/wp-includes/w/ hellas-darmstadt.de/cgi-bin/ZSoo/ remediis.com/t/gm2X/ riparazioni-radiotv.com/softaculous/DZz/ solicon.us/allam-cycle-1c4gn/f5z/ starlingtechs.com/GNM/ # Reference: https://twitter.com/Cryptolaemus1/status/1349088418442186758 abdindash.xyz/b/Yonhx/ altcomconstruction.com/wp-includes/or7/ baselinealameda.com/j/uoB/ cavallarigutters.com/samsung-chromebook-etswp/Wdeiub/ craku.tech/h/iXbreOs/ nicoblogroms.com/c/V9w0b5/ taradhuay.com/d/oT5uG/ # Reference: https://twitter.com/malware_traffic/status/1349100952649953283 http://161.49.84.2 angel2gether.de/BlutEngel/SpeechEngines/ # Reference: https://twitter.com/Cryptolaemus1/status/1349295458607394817 3d.unicorp.site/js/A1ew/ 3d.unicorp.site/js/GzVpMLaH/ christinewalker.org/wp-admin/Xt9SNHtExU/ huzurdugunsalonu.com/wp-content/Speech/ personal.unicorp.site/lang/System_32/ tmsvinhphuc.com/wp-content/SpeechEngines/ # Reference: https://twitter.com/VirITeXplorer/status/1349316114636017664 ancorals.com/aminophenol/Stationery/ eco-mykolaiv.info/f/debug/ ehteknology.com/wp-includes/en-US/ imedu.org/u/cV/ omarisouza.com/cgi-bin/Systems/ smartintelligentsolutions.com/content/microsoft/ # Reference: https://twitter.com/Cryptolaemus1/status/1349344528214466561 aryasamajmandirkanpur.com/cgi-bin/VcJK/ equipamentosmix.com/1/TRM/ lapiramideopticas.com/tesla-powerwall-ok3h2/kmJ/ lezz-etci.com/wp-content/mXxP/ music.mnahid.com/wp-admin/kCGrt8/ transfersuvan.com/wp-admin/yhUw0GU/ vedavacademy.com/wp-admin/7BHbH/ # Reference: https://twitter.com/Cryptolaemus1/status/1349365544185696259 abbc.tv/wp-content/Triedit/ asafina.co/wp-content/G3GLLO/ bluepassgt.com/von-weise-ludzp/DNNXcQcRTT/ globalruraldevelopmentagency.co.za/cgi-bin/inf/ larissarobles.com/wp-admin/SIGNUP/ trioconcuerda.es/cgi-bin/Services/ # Reference: https://twitter.com/Cryptolaemus1/status/1349368462397878272 cs.lcxxny.com/wp-includes/E3U8nn/ datawyse.net/0X3QY/ givingthanksdaily.com/CP/ ketorecipesfit.com/wp-admin/afanv/ makiyazhdoma.ru/blocked/tgEeW8M/ mertelofis.com/wp-content/As0/ trustseal.enamad.ir.redshopfa.com/admit/wJJvvG/ # Reference: https://www.virustotal.com/gui/file/6a493e8b5ff18bfa985491dff440f85ab81458e502477a4163d174b2f068d2a0/detection http://50.116.111.59 # Reference: https://twitter.com/Cryptolaemus1/status/1349434485213958148 adres-ug.ru/wp-admin/IItD/ ats-tx.com/old/f1X/ avanttipisos.com.br/catalogo-virtual/U/ bhar.com.br/elementos/MQfB/ mpeakecreations.co.za/cgi-bin/vVk1rw/ smkbudiagung.com/wp-content/VoPg04/ theraven.pk/overwolf-r6-vdace/UH4fL/ # Reference: https://www.virustotal.com/gui/file/5914d2b73a12434f181aecde03e27c755c5b3d9d87827381a5ac6cc6d1eeb72b/detection http://194.36.190.41 # Reference: https://www.virustotal.com/gui/file/b09074b0d262c73c66430e4e968ebee0cb946881c69d7b7fd8bc9130a1731482/detection californiaasa.com/californiaasa.com/8t/ dakarbuzz.net/css/CyKg/ djraisor.com/error/w7G3/ kharazmischl.com/w/ prestokitchens.com/recurringo/fRe/ viralbrown.com/e3c0ngfjc/N/ # Reference: https://otx.alienvault.com/pulse/600427f0c6a16dad430cdf71 taskok.com uudama.com uudati.com uuwise.com # Reference: https://www.virustotal.com/gui/file/885241694043444e59ddc1473d1d76cf05868569e8afe89d72757ca3178a006e/detection akybron.hu/wordpress/Triedit/ holonchile.cl/cgi-bin/System32/ members.nlbformula.com/cgi-bin/Microsoft.NET/ c210109.itourlife.top top-grandwinners.life # Reference: https://tria.ge/210120-dx7gmz813a calledtochange.org/CalledtoChange/8huSOd/ hbprivileged.com/cgi-bin/Qg/ mrveggy.com/wp-admin/n/ norailya.com/drupal/retAl/ riandutra.com/email/AfhE8z0/ teelekded.com/cgi-bin/LPo/ ummahstars.com/app_old_may_2018/assets/wDL8x/ # Reference: https://twitter.com/Cryptolaemus1/status/1351848817621139456 avz-pr.com/wp-includes/hJ/ cawada.com/wp-content/7httphttpUz0/ hilmagym.com/alden-s-ylxyau/Rljs3s/ sundargarhmirror.com/wp-content/sRu7KK/ surveycanada.xyz/wp-content/0sDDTy/ ultimatesoftwarenet.com/wp-content/upB/ yurdumaku.com/blogs/zQAwwA/ # Reference: https://twitter.com/Cryptolaemus1/status/1351849334443307010 edge-tech.uk/flacon/61RO7/ gmthearingsolution.com/cgi-bin/lrZkqL/ istanbulhaliyikamacim.com/content/I9Ogfopdi7/ ordertaker.jakagroup.com/2f77k7i6/E/ solicwebaps.azurewebsites.net/allam-cycle-1c4gn/KLBX/ taradhuay.com/d/It4Iwlo/ # Reference: https://twitter.com/Cryptolaemus1/status/1351849087428079617 achutamanasa.com/media/Te/ cashyinvestment.org/wp-content/21dIZ/ infoquick.co.uk/assets/h/ merkadito.mx/upload/6/ oftalmovilaplana.com/wp-includes/wfKu/ opticaquilin.cl/wp-includes/FFueL/ vilajansen.com.br/loja_old_1/p/ # Reference: https://twitter.com/Cryptolaemus1/status/1351863522184097794 buyitnowtoday.net/wp-admin/KI0K/ canadabrightway.com/wp-admin/n3 cometarabian.com/wp-includes/zFY6U/ convictionfitness.webdmcsolutions.com/wp-admin/gUb/ hbprivileged.com/cgi-bin/Qg/ intellisavvy.com/wp-admin/dRaG2H/ ketoresetme.com/wp-content/Rk4rz/ mrveggy.com/wp-admin/n/ perrasmoore.ca/wp-admin/rM6HK re2me.xyz/opt/Ds/ senbiaojita.com/wp-admin/iDlsc/ starkmotorracing.com/unhairer/nzFKm/ stormhansen.com/2556460492/if/ teelekded.com/cgi-bin/LPo/ thelambertagency.com/staging/Vo/ theo.digital/wp-admin/Zyl2/ trainwithconviction.com/wp-admin/y trainwithconviction.webdmcsolutions.com/wp-admin/rEEEU ummhttpstars.com/app_old_may_2018/assets/wDL8x/ upinsmokebatonrouge.com/var/Ux1V/ vassanaservices.com/TEST/V3/ # Reference: https://twitter.com/Cryptolaemus1/status/1351885794164822017 perrasmoore.ca/wp-admin/rM6HK/ # Reference: https://www.virustotal.com/gui/file/7a60e4259e05ae1b9f2879df13341ca27217d4aa9bbb542397ad1a96fa1dd581/detection # Reference: https://www.virustotal.com/gui/file/19ef1edfd5cbfb556945f30eddf23f1f707ec9de5959167e0863c0abf201f12b/detection 145.249.106.34:80 # Reference: https://tria.ge/210120-5ah1kwq3l6 115.21.224.117:80 12.175.220.98:80 162.241.204.233:8080 180.222.161.85:80 190.103.228.24:80 190.251.200.206:80 69.49.88.46:80 75.113.193.72:80 78.182.254.231:80 # Reference: https://twitter.com/Cryptolaemus1/status/1351923396083257344 # Reference: https://app.any.run/tasks/b2f93211-2c05-4062-a53b-968ab80dcd8c/ apsolution.work/magneti-marelli-zkkmb/toq7Eiy/ artistascitizen.com/wp-content/Bx3cr6/ careercoachconnection.com/tenderometer/4K/ happycheftv.com/wp-admin/z6uGcbY/ ombchardin.com/archive/V/ tacademicos.com/content/JbF68i/ zhongsijiacheng.com/wp-content/jn5/ # Reference: https://twitter.com/bomccss/status/1351835536390975490 ordertaker.jakagroup.com/2f77k7i6/E/ # Reference: https://twitter.com/Cryptolaemus1/status/1351950866811645955 abyssos.eu/wp-content/p/ bambathamobileloans.co.za/cgi-bin/X/ blog.tqdesign.vn/banner/uW/ buarf.com/vcds-throttle-w4z41/pqqn/ gieoduyen.vn/css/PxmtB/ vataas.com/3325390551/5W/ # Reference: https://twitter.com/Cryptolaemus1/status/1351994772433625088 abdo-alyemeni.com/wp-admin/seG6/ bardiastore.com/wp-admin/A1283/ dryaquelingrdo.com/wp-content/SI/ fabulousstylz.net/248152296/TpI/ giteslacolombiere.com/wp-admin/FV/ oxycode.net/wp-admin/x/ trendmoversdubai.com/cgi-bin/B73/ # Reference: https://twitter.com/Cryptolaemus1/status/1351992254177681410 cirteklink.com/F0xAutoConfig/1Zb4/ covisiononeness.org/new/F9v/ lionrockbatteries.com/wp-snapshots/C/ nimbledesign.miami/wp-admin/C/ oshiscafe.com/wp-admin/5Dm/ schmuckfeder.net/reference/ubpV/ xunhong.net/sys-cache/D0/ # Reference: https://twitter.com/Cryptolaemus1/status/1352006666263420928 academiaprogreso.com/cgi-bin/Z5/ casinos-hub.com/s/ZQhDyLF/ deoditas.com/n/FUEyoG/ mts2019-002-site9.gtempurl.com/wp-content/E/ newtop.one/responsives/z/ ocean4gamers.com/wp-content/GAuYf/ yahyalisayam.com/sys-cache/tAsw/ # Reference: https://twitter.com/K_N1kolenko/status/1352155154003480576 aqnym.top/wp-login/9ZvtYaLyhg/ bestcartdeal.com/wp-content/U12BbGPx2v/ chenqiaorong007.com/wp-content/inh1Q4eFMT/ hredoybangladesh.com/3948708181/l7/ qingniatouzi.com/wp-includes/Z4TFME0/ washcolsc.com/wp-admin/gRIWZ/ # Reference: https://twitter.com/Cryptolaemus1/status/1352199988084944896 bikemyday.se/wp-includes/FdM/ bookkeepingdoctor.co.uk/s/1EU/ deshbangla71news.com/wp-content/5M/ lubdeco.com/rocketlike/1IqoSgDG/ peritidiparte.org/administrator/XSboAD33/ vallerconstrutora.com.br/wp-content/uploads/vDIi0eYzz/ # Reference: https://pastebin.com/raw/aStRxhMw 143.0.85.206:7080 181.10.46.92:80 2.58.16.88:8080 200.75.39.254:80 201.185.69.28:443 206.189.232.2:8080 83.144.109.70:80 91.233.197.70:80 93.146.143.191:80 93.149.120.214:80 94.176.234.118:443 95.76.153.115:80 # Reference: https://urlhaus.abuse.ch/url/973026/ nhipcauytevietnhat.com/efficiency-all-iuehb/BJug3jyhuyilWhCQs3YksSaqQW7tpyvmYpb91wTZdbluIo1EKoPE5VrBbcx8zHDAR9YT/ # Reference: https://twitter.com/Cryptolaemus1/status/1352559200271028227 # Reference: https://twitter.com/Cryptolaemus1/status/1352559411135467527 cashstreamfinancial.com/wp-admin/23/ e-medglobal.com/wp-content/ludqf/ ecobaby.es/assets/MZIHkwyre/ elsadinc.com/wp-content/B/ inhaustyle.com/wp-admin/7OtP5/ jlzs.kuamn.com/a/B3Snr8A/ jolifm.com/new/5hkc3/ o7therapy.com/egyptian-comedy-hiiro/As0/ signinsolution.com/wp-content/Vr0/ technologydistilled.com/a-nurse-ss8d9/z/ wangke9.com/wp-includes/dCmiSx8y/ wp01.devanshp.com/sys-cache/8vejbVDx/ wz760.com/wp-admin/b/ # Reference: https://twitter.com/Cryptolaemus1/status/1352558882867081219 # Reference: https://twitter.com/VirITeXplorer/status/1352557164158738433 91yudao.com/wp-admin/KKHt1/ fifacoinsbox.com/wp-content/7gYt/ laymancoder.com/rustic-decor-1gbad/Us/ rbdck.com/wp-content/uploads/sucuri/lewfK/ seamart.info/alfacgiapi/q92A/ uagritech.com/cgi-bin/a5G/ yourcleanersurfaces.com/four-monks-acasz/O2my/ # Reference: https://twitter.com/Cryptolaemus1/status/1352581752385122310 admin.toppermaterial.com/js/jGcwS/ fultonandassociates.com/administrator/IUHeit/ notebook03.com/templates/G2Ay/ pcsaha.com/wp-content/fG1tM/ rosvt.com/img/9h1Q/ skver.net/benjamin-moore-xha9o/t/ zippywaytest.toppermaterial.com/wp-admin/wwbJ/ # Reference: https://twitter.com/Cryptolaemus1/status/1352595532074643463 alugrama.com.mx/t/2/ armakonarms.com/wp-includes/fz/ bbjugueteria.com/s6kscx/Z/ bimception.com/wp-admin/sHy5t/ coworkingplus.es/wp-admin/FxmME/ homecass.com/wp-content/iF/ silkonbusiness.matrixinfotechsolution.com/js/q26/ # Reference: https://twitter.com/Cryptolaemus1/status/1352631537007734790 fab5associates.com/include/scIM/ ie-best.com/msm8909-custom-bgts5/eos6t3H/ iebest.online/1997-chevy-aiz00/RFrTE68/ iebest.org/hoefler-bold-zify4/ia/ originpart.com/wp-content/acStl/ singleworld-online.com/img/DeeAt/ slowdtech.net/shop/wLZ4yw/ # Reference: https://twitter.com/Cryptolaemus1/status/1352643524404117505 e-wdesign.eu/wood-stove-x7iww/R1SMs1v/ micronews.eu/crankshaft-pulley-i5aio/Tlp/ ofert-al.com/wp-content/t9hVViBde/ relatedgrouptest.com/OurTime/culeTFa3v/ schmuckfedern.info/reference/0HlBBg8/ transal.eu/netgear-wifi-qzvv4/1j7XZ/ # Reference: https://twitter.com/Cryptolaemus1/status/1352700749164269568 boomarketer.com/wp-content/6/ crooks-taylor.com/1676470973/1/ lvnskin.com/h/IB/ nadysa.com/wp-content/Almet/ rabiei.fun/eidl-reconsideration-bs3lu/feoOiAO/ rex.tasmiragroup.com/wp-includes/un6G/ whitetheme.xyz/wp-content/q8H/ # Reference: https://twitter.com/Cryptolaemus1/status/1352724228106280960 bhaktivrind.com/cgi-bin/JBbb8/ cab.mykfn.com/admin/X/ cambiasuhistoria.growlab.es/wp-content/hGhY2/ gocphongthe.com/wp-content/lMMC/ ie-best.net/online-timer-kvhxz/ilXL/ letscompareonline.com/de.letscompareonline.com/wYd/ vanddnabhargave.com/asset/W9o/ # Reference: https://twitter.com/Cryptolaemus1/status/1353666901780688900 aecotimes.com/wp-admin/44Z/ de.letscompareonline.com/cgi-bin/ztEE/ escalierconsulting.com/wp-includes/I/ haumaguerraevoceoalvo.com.br/wp-includes/0Hm/ paulomarciotrp.com/z/y/ rakikuma.com/cgi-bin/K/ snjyp.com/wp-content/Nz/1/ # Reference: https://twitter.com/Cryptolaemus1/status/1353658459376517121 3musketeersent.net/wp-includes/TUgD/ dashudance.com/thinkphp/dgs7Jm9/ jeevanlic.com/wp-content/r8M/ leopardcranes.com/zynq-linux-yaayf/w/ mmrincs.com/eternal-duelist-9cuqv/jxGQj/ shannared.com/content/lhALeS/ skilmu.com/wp-admin/hQVlB8b/ # Reference: https://twitter.com/Cryptolaemus1/status/1353642498288201728 e-wdesign.eu/wp-content/bn1IgDejh/ jflmktg.wpcomstaging.com/wp-content/AK/ linhkienmaytinh.tctedu.com/wp-snapshots/VzJM/ nightlifemumbai.club/x/0wBD3/ shop.nowfal.dev/wp-includes/RlMObf2j0/ traumfrauen-ukraine.de/bin/JyeS/ # Reference: https://twitter.com/sugimu_sec/status/1354337747037679619 80.158.59.174:8080 80.158.43.136:80 80.158.3.161:443 80.158.51.209:8080 80.158.35.51:80 80.158.63.78:443 80.158.53.167:80 80.158.62.194:443 # Reference: https://www.virustotal.com/gui/file/d2fa81e487727af7c92cb170cfd73dcd9c600c4599cfe59c8021744c075064ee/detection 190.182.161.7:8080 # Reference: https://otx.alienvault.com/indicator/file/9fddb3ab17c46feb665101b7893f793f2b3465f5eac30bd4d442b52a8d60448b/ alptitude.com/wp-admin/2ygiz6a0574/ dev.petracapital.com/shared/web/f794/ healthylivingclinique.com/yzvd2ss/nj9ro6k881/ staging.thenaturallifestyles.com/wnty/98c971/ # Reference: https://tria.ge/201025-mn36398aqs/static1 111.119.233.65:80 144.139.158.155:80 187.131.128.238:50000 190.79.228.89:443 220.241.38.226:50000 41.75.135.93:7080 42.190.4.92:443 45.56.79.249:443 60.52.64.122:80 79.127.57.43:80 94.177.183.28:8080 94.67.21.187:8080 # Reference: https://www.virustotal.com/gui/file/835d0910a541696111ecf4588e19a2c361e1ed6a61d2b680e1dd1cfcd85b4da9/detection arya-co.com/wp-includes/lIaWADd/ literadiocebu.com/vhvjt/aycx52bqm330139/ pizzaherbs.com.pk/pjqbq/XnPgtdPPN/ solution.seeedstudio.com/tag/FNLFibbOyHa/ # Reference: https://unit42.paloaltonetworks.com/attack-chain-overview-emotet-in-december-2020-and-january-2021/ # Reference: https://otx.alienvault.com/pulse/6047a64d3c6de8ce39c5f1fb abrillofurniture.com/bph-nclex-wygq4/a7nBfhs/ allcannabismeds.com/unraid-map/ZZm6/ ezi-pos.com/categoryl/x/ giannaspsychicstudio.com/cgi-bin/PP/ ienglishabc.com/cow/JH/ etkindedektiflik.com/pcie-speed/U/ vstsample.com/wp-includes/7eXeI/ # Reference: https://www.virustotal.com/gui/file/05e10f7bf1687cc7187961aa5140c2b29a054a9142bdf9b8b8a54a6fbfc63f38/detection http://70.121.172.89 # Reference: https://unit42.paloaltonetworks.com/emotet-command-and-control/ ienglishabc.com/cow/JH/ # Reference: https://www.virustotal.com/gui/file/338d8d3ff0894ad4411b7eca2723d06a70f560488f00e690ed7ad33e67f9ad47/detection # Reference: https://www.virustotal.com/gui/file/14aad54e4accb6acc45ee5bdf965c406fac1b53ba6600961135b9567d03b224d/detection 217.160.169.110:8080 51.255.203.164:8080 # Reference: https://www.virustotal.com/gui/file/6b33c0213605687c080ebef68e2ae366e3d35f90cb1bf80ad4506ad738284806/detection http://84.232.229.24 # Reference: https://www.virustotal.com/gui/file/9873dc0ef3a6233e91cb4112f96e68495354a35341ebe8108f87e80a97084306/detection duolife-partner.com/wp-content/pE/ givingthanksdaily.com/web/VK/ ifarmer.com.br/__MACOSX/2w4/ tskgear.com/wp-content/uploads/2017/Fo/ uniteddatabase.net/wp-admin/tf/ testlibreria.ddns.net # Reference: https://www.virustotal.com/gui/file/5bc7d79f0a8067ecc206d34cad5432b343af707f332326b947460129d36d9c73/detection # Reference: https://www.virustotal.com/gui/file/d148cd4df3bc4807b5e7d2dffc7659ca926ed4674d4fab4da5b305f63d19748d/detection djsrecord.com impipower.com inkayniperutours.com lastfrontierstrekking.com mitraship.com vesiyiannissimopoulos.com vysimopoulos.com watchnshirt.com # Reference: https://unit42.paloaltonetworks.com/c2-traffic/ /a51azs1nbhzmu5m/ /a5msy52s4i4uuac7dm/ /e6qj08nos8kh/ /o7rhpr2xi05tkkp/ /p0f6wimb1tcqvn0/ /r1s4dvgwanu1ov8qku/ /a5msy52s4i4uuac7dm/pzudacb2/a51azs1nbhzmu5m/p0f6wimb1tcqvn0/ /r1s4dvgwanu1ov8qku/e6qj08nos8kh/o7rhpr2xi05tkkp/ # Reference: https://www.virustotal.com/gui/file/befffcacdf0a332761313f820c7527c9e18afb0b2b96871fa3ae6cdb78a1710c/detection 3cgfx.com antbear.de praxislumpp.de reken-bhf.d zlc-aa.org /nbrZnq/ /nwbBJRnf/ /shFvxAVCx/ # Reference: https://www.virustotal.com/gui/file/3deae7749040610c9cbb202e382427a1f25a78a2522039b47243f39d117bbe2a/detection coronadotx.com djkuhni.ru finnessemedia.com oilmotor.com.ua /9jrQva/ /dg8G4r7/ /VG0BJc48/ # Reference: https://www.virustotal.com/gui/file/71cdd13b7a58ce65018ee1262dcd6ed87649869b77da2c9fc83fac5ea46da9e2/detection http://82.28.208.186 # Reference: https://www.virustotal.com/gui/file/1241503187e6eab61e28a83e423358b340acd60ce4dcea04d61946f9c8b6644b/detection eadhm.com # Reference: https://www.virustotal.com/gui/file/d78d3372dcbd7096a17376759e10de73574f781ce9148c870b26b76734d265c2/detection http://173.254.28.54 http://31.31.196.252 http://37.59.31.76 http://5.196.201.123 http://91.238.72.69 73.49.109.200:443 # Reference: https://www.virustotal.com/gui/file/44fc6487c49540ca65e83de10394e82b197a46f21d519a7bcec3ef363d129aa8/detection cat-school.ru/us/710yf0n_ua7x4j-7479994/ ahoraseguro.dmcintl.com/wp-admin/VyzfDUJD/ candasyapi.com/cgi-bin/kbd3o6aik_n6gtdbv-55/ domuswealth.kayakodev.com/wp-content/uploads/rLDcCyAubM/ # Reference: https://isc.sans.edu/diary/28044 51.75.33.120:443 51.159.35.157:443 81.0.236.93:443 94.177.248.64:443 92.207.181.106:8080 109.75.64.100:8080 163.172.50.82:443 # Reference: https://capesandbox.com/analysis/205987/ 103.75.201.2:443 103.8.26.102:8080 103.8.26.103:8080 104.251.214.46:8080 105.178.188.118:36390 108.23.240.27:55224 108.253.10.35:50450 111.160.228.120:11844 118.232.90.67:41669 12.103.138.37:25337 129.71.122.229:19552 130.218.189.102:11273 131.118.23.101:1579 138.115.8.136:56281 138.185.72.26:8080 147.228.21.195:30136 148.35.207.251:33527 148.86.197.182:8947 153.7.1.135:46220 178.79.147.66:8080 181.54.185.125:31175 185.184.25.237:8080 188.93.125.116:8080 193.68.236.63:5958 195.154.133.20:443 20.230.225.161:8790 202.203.146.92:23209 207.38.84.195:8080 208.169.50.181:64568 210.57.217.132:8080 212.237.5.209:443 213.250.103.157:20454 215.8.101.132:46077 218.38.200.180:25912 220.148.251.73:33247 227.6.114.83:665 238.158.59.126:29524 239.148.125.201:46467 242.27.192.124:10362 248.105.66.216:52589 25.55.252.100:2573 253.144.211.188:26511 255.172.122.71:56807 26.19.172.107:61767 26.194.150.23:4175 45.118.135.203:7080 45.142.114.231:8080 45.76.176.10:8080 49.39.1.135:29156 5.209.235.13:42953 51.170.119.234:40184 51.68.175.8:8080 58.227.42.236:80 66.42.55.5:7080 68.25.130.201:54222 70.151.180.118:49953 74.100.101.45:1921 75.230.216.18:31704 77.115.123.4:30680 81.0.236.93:443 84.14.63.133:50709 89.0.134.88:56100 94.177.248.64:443 99.140.7.31:20206 # Reference: https://tria.ge/211117-qs1syshgcj 142.4.219.173:8080 168.197.250.14:80 177.72.80.14:7080 185.148.169.10:8080 191.252.103.16:80 195.154.146.35:443 195.77.239.39:8080 196.44.98.190:8080 207.148.81.119:8080 37.44.244.177:8080 37.59.209.141:8080 45.79.33.48:8080 51.178.61.60:443 51.210.242.234:8080 54.37.228.122:443 54.38.242.185:443 66.42.57.149:443 78.46.73.125:443 78.47.204.80:443 85.214.67.203:8080 # Reference: https://twitter.com/abuse_ch/status/1461311027925106689 45.79.33.48:8080 # Reference: https://twitter.com/fr0s7_/status/1460590106637651970 # Reference: https://pastebin.com/vaprawG6 av-quiz.tk ranvipclub.net visteme.mx newsmag.danielolayinkas.com/content/nVgyRFrTE68Yd9s6/ goodtech.cetxlabs.com/content/5MfZPgP06/ devanture.com.sg/wp-includes/XBByNUNWvIEvawb68/ team.stagingapps.xyz/wp-content/aPIm2GsjA/ /5MfZPgP06/ /aPIm2GsjA/ /nVgyRFrTE68Yd9s6/ /XBByNUNWvIEvawb68/ # Reference: https://twitter.com/pr0xylife/status/1464192283604103168 multilifecapsule.com /s9t0t1x/bgZZ2Gslow/ /bgZZ2Gslow/ /s9t0t1x/ # Reference: https://twitter.com/pr0xylife/status/1463935013007863809 ielts-world.trimion.org/wp-content/uploads/0qkRwoQ1sl7/ /0qkRwoQ1sl7/ # Reference: https://s3.amazonaws.com/talos-intelligence-site/production/document_files/files/000/095/665/original/all_network_IOCs.txt 168801.xyz 168801.xyz/wp-content/6J3CV4meLxvZP/ adorwelding.zmotpro.com/wp-content/Z8ifMTCM2VBWlfeSZmzv/ alfadandoinc.com/67oyp/C2J2KyCpQnkK4Um/ alfaofarms.com/xcyav/F9le301G89W0s2g4jLO5/ av-quiz.tk/wp-content/k6K/ caboturnup.com/wp-content/plugins/classic-editor/js/PZgllRH6QtkaCKtSB50rzr/ callswayroofco.com/wp-content/fdMNv5VqUpd3wKwrDEYc/ cars-taxonomy.mywebartist.eu/-/BPCahsAFjwF/ ceshidizhi.xyz/wp-content/Gs4yhEwmUamQky9H9rSy/ ckfoods.net/wp-admin/wPInm2rgMu/ crownadvertising.ca/wp-includes/OxiAACCoic/ cursossemana.com/wp-content/zwfj5luCBBEL3RrbBgPsz/ devanture.com.sg/wp-includes/XBByNUNWvIEvawb68/ dipingwang.com/dhijow/yYj7tJhnx3gZsJwlOCNCU/ evgeniys.ru/sap-logs/D6/ giadinhviet.com/pdf/log_in/8kQBFUyohsDRGCJx/ goodtech.cetxlabs.com/content/5MfZPgP06/ hpoglobalconsulting.com/wp-content/9CwBhm1xLHlSAmSl8FrG/ html.gugame.net/img/5xUBiRIQ4s3EtKEv67Ebn/ huskysb.com/wordpress/6f0qIQlWPaYDfa/ im2020.vip/wp-includes/Uo9xNyX6bgj1/ immoinvest.com.br/blog_old/wp-admin/luoT/ itomsystem.in/i9eg3y/nNxmmn9aTcv/ jamaateislami.com/wp-admin/FKyNiHeRz1/ laptopinpakistan.com/wp-admin/O709S0/ linebot.gugame.net/images/RX6MVSCgGr/ lpj917.com/wp-content/Cc4KG1MDR4xAWp91SjA/ manak.edunetfoundation.org/school-facilitator/qlwM2RAHhDG8N8/ newsmag.danielolayinkas.com/content/nVgyRFrTE68Yd9s6/ onlinemanager.site/szrlo/XRL3pyAvQ9NoDug7wzAzyuL/ parentingkiss.com/wp-admin/LMgGsVXx02LX/ pasionportufuturo.pe/wp-content/XUBS/ pibita.net/wp-admin/VLpfaG1/ primtalent.com/wp-admin/9yt1u/ protracologistics.com/cryptocurrency/8Nq5rxi7aIGH/ ranvipclub.net/pvhko/a/ ridcyf.com/dm7vg/DGWFrJA0kutWTk/ server.zmotpro.com/venkat/products/facebook-page/assets/kmIdeXnG/ staviancjs.com/wp-forum/QOm4n2/ team.stagingapps.xyz/wp-content/aPIm2GsjA/ thepilatesstudionj.com/wp-content/oAx5UoQmIX3cbw/ thetrendskill.com/wp-content/HbbVwxEkhvYdloXmjWeBb/ vcilimitado.com/trendfit/aBER6PrBXc7/ vegandietary.com/wp-admin/IFtPKsn/ visteme.mx/shop/wp-admin/PP/ voltaicplasma.com/wp-includes/wkCYpDihyc8biTPn444B/ xanthelasmaremoval.com/wp-includes/VVVcpYsRtGgjQqfgjxbS/ yoho.love/wp-content/e4laFBDXIvYT6O/ yougandan.com/backup_YouGandan-9th-nov/3n6PrcuIaPCNcRU7uj7D/ /3n6PrcuIaPCNcRU7uj7D/ /5MfZPgP06/ /5xUBiRIQ4s3EtKEv67Ebn/ /6J3CV4meLxvZP/ /6f0qIQlWPaYDfa/ /8Nq5rxi7aIGH/ /8kQBFUyohsDRGCJx/ /9CwBhm1xLHlSAmSl8FrG/ /9yt1u/ /BPCahsAFjwF/ /C2J2KyCpQnkK4Um/ /Cc4KG1MDR4xAWp91SjA/ /DGWFrJA0kutWTk/ /F9le301G89W0s2g4jLO5/ /FKyNiHeRz1/ /Gs4yhEwmUamQky9H9rSy/ /HbbVwxEkhvYdloXmjWeBb/ /IFtPKsn/ /LMgGsVXx02LX/ /O709S0/ /OxiAACCoic/ /PZgllRH6QtkaCKtSB50rzr/ /QOm4n2/ /RX6MVSCgGr/ /Uo9xNyX6bgj1/ /VLpfaG1/ /VVVcpYsRtGgjQqfgjxbS/ /XBByNUNWvIEvawb68/ /XRL3pyAvQ9NoDug7wzAzyuL/ /Z8ifMTCM2VBWlfeSZmzv/ /aBER6PrBXc7/ /aPIm2GsjA/ /backup_YouGandan-9th-nov/ /e4laFBDXIvYT6O/ /fdMNv5VqUpd3wKwrDEYc/ /kmIdeXnG/ /nNxmmn9aTcv/ /nVgyRFrTE68Yd9s6/ /oAx5UoQmIX3cbw/ /qlwM2RAHhDG8N8/ /wPInm2rgMu/ /wkCYpDihyc8biTPn444B/ /yYj7tJhnx3gZsJwlOCNCU/ /zwfj5luCBBEL3RrbBgPsz/ # Reference: https://twitter.com/abel1ma/status/1464021181649276928 188.165.214.166:7080 41.76.108.46:8080 # Reference: https://twitter.com/pr0xylife/status/1464234513421246474 alfadandoinc.com /67oyp/bZ033Pj5mW/ /bZ033Pj5mW/ # Reference: https://twitter.com/1ZRR4H/status/1464292396448071681 datascience.inf.udec.cl # Reference: https://www.virustotal.com/gui/file/faf7f22e03ece8ff740f235cb877b68139b8e24bc9a4d881924d3094fa7d88e0/detection 107.182.225.142:8080 110.232.117.186:8080 158.69.222.101:443 176.104.106.96:8080 191.252.196.221:8080 212.237.17.99:8080 212.237.56.116:7080 216.158.226.206:443 50.116.54.215:443 58.227.42.236:80 81.0.236.90:443 91.200.186.228:443 # Reference: https://www.virustotal.com/gui/file/a42b19809d5c72e4bfb1f3c32db4ddd2c000b9e85d84fe34de06dbd658f186e9/detection 45.63.5.129:443 /UgHsfhOlDOzwSAAUPNThHJzDKohxKgDQ # Reference: https://www.virustotal.com/gui/file/b55ecd568ea778ec6759dad6d6f36e382c95c1320db94c82874ad422df5aa63a/detection 46.55.222.11:443 # Reference: https://twitter.com/Max_Mal_/status/1465760141505175556 forwardmart.club teachingcenter.xyz # Reference: https://www.virustotal.com/gui/file/cb2b43994668e1bad49416f30da34f14eba6381a210879df8a1090aedfa9538e/detection boardingschoolsoftware.com/Vineet_Backup/Z9o3/ /Vineet_Backup/Z9o3/ # Reference: https://www.virustotal.com/gui/domain/terracondivisa.farsiprossimofaenza.org/relations terracondivisa.farsiprossimofaenza.org # Reference: https://twitter.com/Max_Mal_/status/1466785013412810756 coachdto.com # Reference: https://twitter.com/Max_Mal_/status/1466138840138145821 rayanew.ir/wp-content/6b7OVW/ /wp-content/6b7OVW/ # Reference: https://twitter.com/VirITeXplorer/status/1465726173393076230 radio-galaxia.us/v/eZoMYhBe2i0H4Fg/ sterileinstrument.com/sterilematrix_mf/RsKnrz5SlP9MXcr/ thebanditproject.com/wp-content/BvZK54PFsCqKio6/ /BvZK54PFsCqKio6/ /eZoMYhBe2i0H4Fg/ /RsKnrz5SlP9MXcr/ # Reference: https://twitter.com/VirITeXplorer/status/1465725143532113936 donnaandlord.com/wp-includes/qfFSVILNBNeep3ZH/ escapelle.uz/wp-includes/n1vS/ openhouse.swu.ac.th/3y1eq/Lni/ /3y1eq/Lni/ /wp-includes/n1vS/ /qfFSVILNBNeep3ZH/ # Reference: https://twitter.com/VirITeXplorer/status/1465718520776433664 locstorageinfo.z13.web.core.windows.net # Reference: https://twitter.com/Max_Mal_/status/1463652707491790852 morishim.com/wp-content/EFhkVPdHVN/ /EFhkVPdHVN/ # Reference: https://twitter.com/Cryptolaemus1/status/1467888926992084992 # Reference: https://twitter.com/Max_Mal_/status/1467935616822394887 dekasitkimya.com/kugh7ig/zNminx5GIx5aHQAunoeLgE/ developmentconsulting.world/4717/R0KjWCh8R3pWoeca4Ky/ mex035.com/8/N5zALqqTmfLxaMH9DstNI/ /kugh7ig/zNminx5GIx5aHQAunoeLgE/ /N5zALqqTmfLxaMH9DstNI/ /R0KjWCh8R3pWoeca4Ky/ /zNminx5GIx5aHQAunoeLgE/ # Reference: https://twitter.com/sugimu_sec/status/1468897544017440770 # Reference: https://www.virustotal.com/gui/file/6d0e2ef17ee4494c3a233bc3c6956dca7d8afb10af26a4ef11ffca256b3d8e39/detection # Reference: https://paste.cryptolaemus.com/emotet/2019/04/25/emotet-malware-IoCs_04-25-19.html http://173.73.87.96 198.58.114.91:4143 198.58.114.91:8080 213.136.86.219:7080 aadityaindiawordpress.000webhostapp.com adel-abbas.000webhostapp.com alokdastk.000webhostapp.com alwardani2022.000webhostapp.com animevn-hd.000webhostapp.com awasayblog.000webhostapp.com chiyababu.000webhostapp.com cinehousehd.000webhostapp.com csm-team.000webhostapp.com dac-website.000webhostapp.com dchkoidze97.000webhostapp.com despreasigurari.000webhostapp.com englishwithantony.000webhostapp.com halalonlines.000webhostapp.com info-checkus.000webhostapp.com ketsawi.000webhostapp.com lojaverbovivo.000webhostapp.com municieneguillagobpe.000webhostapp.com negocios-e-financas.000webhostapp.com newgmp.000webhostapp.com rapolaswordpress.000webhostapp.com recycle-teak.000webhostapp.com slmssdc.000webhostapp.com thunkablemain.000webhostapp.com vapercrewslp.000webhostapp.com zahidahmedtk.000webhostapp.com # Reference: https://twitter.com/Doka__7/status/1468539339328172035 chihabidine.com hyperz.top modamooo.com monorailegypt.com pilotscience.com rjmtel.com # Reference: https://twitter.com/Doka__7/status/1468580167115325442 editdictionary.com gzesa.net snkre.com # Reference: https://www.virustotal.com/gui/file/17da33f0643e6883c3c501df12c5709981e78c87a27f778a1ae32654d6e87680/detection 116.124.128.206:8080 209.239.112.82:8080 englishteachersacademy.com mallzman.com nafasfitness.com hustlesingleqa.wpmudev.host rawlogic.flywheelsites.com/wp-content/eUi0BHnETplWn/ /wp-content/eUi0BHnETplWn/ /ctuzbhg7/ /eUi0BHnETplWn/ /mwwJO5ZO1bAxIhDuZtsNA/ # Reference: https://tria.ge/211209-whze2aeedl 172.104.227.98:443 192.254.71.210:443 31.207.89.74:8080 45.118.115.99:8080 # Reference: https://tria.ge/211209-t9dljaebcq/behavioral2 104.131.62.48:8080 128.199.192.135:8080 159.69.237.188:443 185.148.168.15:8080 185.148.168.220:8080 190.90.233.66:443 210.57.209.142:8080 217.182.143.207:443 62.171.178.147:8080 # Reference: https://twitter.com/Max_Mal_/status/1470886072208998411 1.234.65.61:8080 # Reference: https://twitter.com/Cryptolaemus1/status/1473736473744707587 angel.bk.idv.tw/web_images/vB5Enm5Ciwr8/ catholicroundup.com/wp-content/gF1nMkOSsT0Jq/ econews.site/content/pages/IxolPreOkVGdbI9OX/wNu12HviTj/ schedu.teicrete.gr/moodle/report/trainingsessions/xdxd3JtJs4qRKlVX/ sssilkplaster.in/argyrose/Jr8H2ybRNlh5Y/ # Reference: https://tria.ge/211222-xd8nksgfcq http://87.251.86.178 45.15.23.184:443 162.214.50.39:7080 173.212.193.249:8080 54.37.212.235:80 # Reference: https://twitter.com/malware_traffic/status/1474086707431718922 dcboysofleather.org/wp-admin/aaPJVQxLq9xL7LtEqSBNPasaVLd/ fit4allabilities.wpsupport.urdemo.website/wp-content/KLZjo6Wr3uWaP90/ # Reference: https://twitter.com/malware_traffic/status/1474087109367455744 oravabrewing.co/m4icfr/g0qN0Xb/ # Reference: https://twitter.com/malware_traffic/status/1474089273779310592 beta4.chodoixe.com/wp-content/6ODSX2UojWGrrl/ careeradvicebase.com/wp-includes/uTiCkdD0z08bAMKBrEUQa7gG3xgIp/ # Reference: https://twitter.com/malware_traffic/status/1474093461577994256 depre_dev2.originalprecatorios.com.br/wp-includes/IPJdsPt0TtZdleolsmOE2jSuC/ gallery.turkerozyigit.com/wp-admin/eK8jm2sNnk2/ # Reference:https://twitter.com/VirITeXplorer/status/1474325193539698715 automoto.in.ua/twp8yxk/P82p0AnVSHUU/ conseilprefectoralagadir.ma/ooo/dGhjdeED8L5FjMnuBR/ mgah.flywheelsites.com/images/D7npwK0aI/ oravabrewing.com/m4icfr/g0qN0Xb/ qhyqp.com/wp-admin/6Yiyd8RXexIaEiJTuF/ sovip86.com/get/YOloy/ v4switch.com/packet/1CzImIRIThmzl/ # Reference: https://twitter.com/Max_Mal_/status/1474141632727502848 104.168.155.129:8080 # Reference: https://www.virustotal.com/gui/file/baf599abab1d6969e1ba455f83375cbc9643bbe5049189729d3ce60be08e4a58/detection your-info-services.xyz /?user_auth=newpb1_1 /?user_auth=newpb1_2 /?user_auth=newpb1_3 /?user_auth=newpb1_4 /?user_auth=newpb1_5 /?user_auth=newpb1_6 /?user_auth=newpb1_7 /?user_auth=newpb1_8 /?user_auth=newpb1_9 # Reference: https://blog.talosintelligence.com/2021/10/threat-roundup-1022-1029.html (# Win.Dropper.Emotet-9904032-0) fcvyvvbtdcswh.com kntkuamkkrwaknrusx.com mwqgwqcbllxhchd.com rmprupuvboixif.com # Reference: https://twitter.com/VirITeXplorer/status/1480849306680758272 o2omart.co.in/infructuose/vlkIcu2LQ0/ gaidov.bg/wp-includes/Ug/ studiokrishnaproduction.com/wp-includes/3mJ/ goodmarketinggroup.com/live_site/Y9cEk9QNlDUeg/ /infructuose/vlkIcu2LQ0/ /live_site/Y9cEk9QNlDUeg/ # Reference: https://twitter.com/pr0xylife/status/1480850321077383170 djokoproperties.com/w0fxf/D99XJ7gfsYlFF/ /w0fxf/D99XJ7gfsYlFF/ /w0fxf/ /D99XJ7gfsYlFF/ # Reference: https://twitter.com/Max_Mal_/status/1480859613885050882 shopnhap.com/highbinder/nnYko9FDNJ/ txingame.com/wp-content/PwKfVQfdhHbAv2j/ wordpressdes.vanzolini-gte.org.br/fundacaotelefonica.org.br/gAbC4QpJYI/ /gAbC4QpJYI/ /nnYko9FDNJ/ /PwKfVQfdhHbAv2j/ # Reference: https://twitter.com/Max_Mal_/status/1480865116853833730 # Reference: https://www.virustotal.com/gui/file/ea6124225b5b6730fe6559a491eea029863a3b092d174a3aea9010e8b213f32c/detection 131.100.24.231:80 # Reference: https://twitter.com/pr0xylife/status/1480853452209238018 # Reference: https://pastebin.com/N565gG3i 131.100.24.231:80 178.63.25.185:443 209.59.138.75:7080 45.176.232.124:443 58.227.42.236:80 79.172.212.216:8080 # Reference: https://twitter.com/pr0xylife/status/1480905083353247749 changeholon.co.il/assets/zqAcz5s31t9/ /assets/zqAcz5s31t9/ /zqAcz5s31t9/ # Reference: https://twitter.com/pr0xylife/status/1481216595703869441 kauffmancreates.com/images/G8050LVq/ sanagrafix.com/udll/fki4w1vFApT4Rwjp1R/ unifiedpharma.com/wp-admin/ildi5K2aTIrdvEobQ/ /fki4w1vFApT4Rwjp1R/ /G8050LVq/ /ildi5K2aTIrdvEobQ/ # Reference: https://twitter.com/pr0xylife/status/1481254831222317065 be-pu.com/4.hana/Y1XWpb1zWMRD/ bestwifirouterreview.xyz/wp-includes/css/uyC/ cloudlucky.xyz/hjxe/XIGH-067296/ glendbank.com/wp-admin/0660433/ josephinebaba.com/licenses/7Doxdg/ sincoherenmachine.com/wp-content/15249437_8957791/ /7Doxdg/ /XIGH-067296/ /Y1XWpb1zWMRD/ # Reference: https://twitter.com/pr0xylife/status/1481270464156680196 easybuy22.xyz/wp-includes/css/zdFH32O6JV6lk3/ esicafirearms.com/default_page_static_resources/276430515036976/ insertcatherreview.xyz/wp-includes/o23k5ted/ mewb.org/wp-admin/2fcpQyzanzkiO1/ /css/zdFH32O6JV6lk3/ /wp-admin/2fcpQyzanzkiO1/ /wp-includes/o23k5ted/ /o23k5ted/ /2fcpQyzanzkiO1/ /zdFH32O6JV6lk3/ # Reference: https://twitter.com/pr0xylife/status/1481280566309838852 dpmcompras.xyz ecoplastindia.in/obsqj8/867194_0/ online.libertyinvestmentbank.com/__MACOSX/2LbJ1s8tojqtw0/ vlogingcamerareview.xyz/wp-includes/nveHidp/ dpmcompras.xyz/wp-content/R28snV2ko7tgD7yuIVa/ /__MACOSX/2LbJ1s8tojqtw0/ /2LbJ1s8tojqtw0/ /wp-includes/nveHidp/ /wp-content/R28snV2ko7tgD7yuIVa/ /R28snV2ko7tgD7yuIVa/ # Reference: https://twitter.com/dms1899/status/1481372936237989888 yuanbinglun.com/www.yuanbinglun.com/7kKwqmxRWQK0OLi/ laserjetprintersreview.xyz/wp-includes/BJ6yUJ/ 2021.posadamision.com/wp-admin/IoqaL08/ /7kKwqmxRWQK0OLi/ /wp-includes/BJ6yUJ/ /wp-admin/IoqaL08/ # Reference: https://twitter.com/dms1899/status/1481372122530422789 # Reference: https://www.virustotal.com/gui/file/135ace077486200deffc6797336cc464b62f91268eef6e6cee687a8c6d792053/detection http://15.237.135.38 cakemixturereview.xyz wateringcanreview.xyz /dza9hr/kjt6/ /wp-includes/css/qky11a/ /wp-includes/U2ayYVCPRhWqERyw4/ # Reference: https://twitter.com/Cryptolaemus1/status/1481535459297837060 dichnghiatienganh.com/jvmqawn/BxWl97O8xLgnzr/ mindfulness-travels.com/wp/1bifhHeHUU8eAeRl/ recont.com/n8xbqb/5H86niA5y/ /jvmqawn/BxWl97O8xLgnzr/ /n8xbqb/5H86niA5y/ /wp/1bifhHeHUU8eAeRl/ /1bifhHeHUU8eAeRl/ /5H86niA5y/ /BxWl97O8xLgnzr/ /n8xbqb/ # Reference: https://twitter.com/Cryptolaemus1/status/1481535462430978052 govtjobresultbd.xyz/wp-content/9SFD/ josephinebaba.com/licenses/GEibxZ0fj/ yougandan.com/wp-content/6BDwcZOgnizqfDmDu/ /licenses/GEibxZ0fj/ /wp-content/6BDwcZOgnizqfDmDu/ /wp-content/9SFD/ /6BDwcZOgnizqfDmDu/ /9SFD/ /GEibxZ0fj/ # Reference: https://twitter.com/Cryptolaemus1/status/1481535460946100224 auto.lambolero.com/f1nygync/J18Keqh/ archives-program.com/lbx2/fq4/ easyfitcr.com/app/LskbLtWaI/ /app/LskbLtWaI/ /f1nygync/J18Keqh/ /lbx2/fq4/ /J18Keqh/ /LskbLtWaI/ # Reference: https://twitter.com/604Kuzushi/status/1481316181634027522 insertcatherreview.xyz/wp-includes/o23k5ted/ mewb.org/wp-admin/2fcpQyzanzkiO1/ tombola.olfactive.net/wp-content/51CTCGQESRVW_3/ /wp-admin/2fcpQyzanzkiO1/ /wp-content/51CTCGQESRVW_3/ /wp-includes/o23k5ted/ /2fcpQyzanzkiO1/ /51CTCGQESRVW_3/ /o23k5ted/ # Reference: https://www.virustotal.com/gui/file/1c3a246a7d0574bf5c8b3b16fde8880c6d8f109fd3b8b50b690068329c46c75a/detection myvanillastuffs.xyz cammis.com.br/wp-admin/8lArx/ condi-shop.ru/wp-includes/nWJ/ gosmartmoving.com/wp-content/3QC/ hanh.cz/blogs/XU/ ilfacomercial.cl/wp-includes/P/ /wp-content/3QC/ /wp-admin/8lArx/ /wp-includes/nWJ/ # Reference: https://twitter.com/Cryptolaemus1/status/1481901199917989889 1566xueshe.com/wp-includes/b8YEFeMQpgnpX/ bisnescoway.com/wp-includes/g7Jh/g7Jh/ centrichotel.com/wp-admin/ZBVB66j/ chicagocloudgroup.com/wp-content/updraft/OKXV/ goldfinancenews.com/wp-includes/thCuZE5VAdTQ/ moversphiladelphia.org/cmsxml/9ByFSxP/ staging.mobettertech.com/assets/priWXQiXuU3JH/ therecyclingmachine.com/wp-admin/LzpOZSlkq90fYT1/ zhongmaifangwu.com/TEST777/3U4Un0u/ /TEST777/3U4Un0u/ /assets/priWXQiXuU3JH/ /cmsxml/9ByFSxP/ /wp-admin/LzpOZSlkq90fYT1/ /wp-admin/ZBVB66j/ /wp-content/updraft/ /wp-includes/b8YEFeMQpgnpX/ /wp-includes/g7Jh/ /wp-includes/thCuZE5VAdTQ/ /3U4Un0u/ /9ByFSxP/ /LzpOZSlkq90fYT1/ /ZBVB66j/ /b8YEFeMQpgnpX/ /g7Jh/ /priWXQiXuU3JH/ /thCuZE5VAdTQ/ /updraft/ # Reference: https://twitter.com/pr0xylife/status/1481915188081217539 astrologersandeepbhargav.com/wp-admin/FRwR9VH/ celhocortofilmfestival.stream/css/Naq/ shopnhap.com/highbinder/UedVfTHDf5Em40/ /highbinder/UedVfTHDf5Em40/ /wp-admin/FRwR9VH/ /FRwR9VH/ /UedVfTHDf5Em40/ # Reference: https://twitter.com/Artilllerie/status/1481651830861930512 # Reference: https://0paste.com/346078 45.138.98.34:80 69.16.218.101:8080 # Reference: https://twitter.com/pr0xylife/status/1481983690804797441 91xxxooo.com badmakeup.biz hordlepc.com/rootF0x-uyxab/YW8UUhCWN/ /3ez4GMS65Gk6Bgxd/ /hRG6d/ /rootF0x-uyxab/ /YW8UUhCWN/ /dhl/3ez4GMS65Gk6Bgxd/ /get/hRG6d/ /rootF0x-uyxab/YW8UUhCWN/ # Reference: https://twitter.com/Max_Mal_/status/1482156865932910592 monorailegypt.com/wp-admin/6uBf9CCfZRMh/ wordpress.baishuweb.com/wp-includes/10q0ice6/ mail.emilyanncain.com/cgi-bin/A7NT3ENvn/ /cgi-bin/A7NT3ENvn/ /wp-admin/6uBf9CCfZRMh/ /wp-includes/10q0ice6/ /10q0ice6/ /6uBf9CCfZRMh/ /A7NT3ENvn/ # Reference: https://twitter.com/pr0xylife/status/1482309044274663425 crownpacificpartners.com/guglio/Rt4el/ govtjobresultbd.xyz/sjjz/UIUhOHsLqjOy9/ meca-global.com/wp-admin/LJF_053824/ nbp-c.com/ya/O0BO5vb3z1MkWcDOqV2/ ostadsarma.com/wp-admin/JNgASjNC/ rjmtel.com/wp-content/bYAiTvGo635qKITG6/ solr.yakari.id/wp-content/UM-56567/ thesensescollection.com/wp-admin/nmpk_799/ zml.laneso.com/packet/AlvJ8OdtSYEeeCQP/ /guglio/Rt4el/ /packet/AlvJ8OdtSYEeeCQP/ /sjjz/UIUhOHsLqjOy9/ /wp-admin/JNgASjNC/ /wp-admin/LJF_053824/ /wp-admin/nmpk_799/ /wp-content/UM-56567/ /wp-content/bYAiTvGo635qKITG6/ /ya/O0BO5vb3z1MkWcDOqV2/ /AlvJ8OdtSYEeeCQP/ /JNgASjNC/ /LJF_053824/ /O0BO5vb3z1MkWcDOqV2/ /UIUhOHsLqjOy9/ /UM-56567/ /bYAiTvGo635qKITG6/ /nmpk_799/ # Reference: https://www.virustotal.com/gui/file/7d37b6d909b0564605a92781d24f6a2da662b176d749562497aef5ee173c01f8/detection kobo.nhanhwebvn.com/wp-admin/Cy4bJWG2PW/ /wp-admin/Cy4bJWG2PW/ /Cy4bJWG2PW/ # Reference: https://twitter.com/pr0xylife/status/1483008490511736834 shop.lambolero.com/iiwkjgp/eu7rH6/ api.task-lite.com/-/EYe3DEfcw7LCaU6T/ celhocortofilmfestival.stream/css/oQSBr44obE/ /-/EYe3DEfcw7LCaU6T/ /css/oQSBr44obE/ /iiwkjgp/eu7rH6/ /EYe3DEfcw7LCaU6T/ /oQSBr44obE/ /iiwkjgp/ /eu7rH6/ # Reference: https://twitter.com/pr0xylife/status/1483022867499470853 avionxpress.com/lp/T9b1Bga4FdDfP5HI/ kihonhair.com.br/wp-admin/images/943564_752108/ /lp/T9b1Bga4FdDfP5HI/ /T9b1Bga4FdDfP5HI/ # Reference: https://twitter.com/1ZRR4H/status/1483180060450635776 # Reference: https://github.com/CronUp/Malware-IOCs/blob/main/2022-01-17_Emotet_MaldocURLs http://3.144.77.67 3demon.biz/2fh0g/24630_55/ 3demon.biz/2fh0g/5630UOCU_099413/ 3demon.biz/2fh0g/AYHQB_079741/ 5buckshop.ml/wp-includes/2064_90932/ 5buckshop.ml/wp-includes/614283746323/ 5buckshop.ml/wp-includes/6373959IGARUNW_9493/ 5gtodo.com/content/IMI_737/ abigaillagus.com/wp-includes/844645682_3352/ accounting-programss.com/ghcvf/775077-420744/ admin.sattaking-real.com/globals/207819679933/ admin.sattaking-real.com/globals/K-224158/ adnl.com.mx/manutenzione/NGJWW_3714/ agdm.ml/wp-admin/L-67525/ aimeos.softuvo.xyz/packages/57_3089588/ alignerpliers.com/er1lrd/792TWAHUC_29/ alignerpliers.com/er1lrd/CSUM73/ ammoments.com/NSTIFestival/V-71552/ angel.bk.idv.tw/web_images/195873537396/ api.task-lite.com/-/922537-926678/ api.task-lite.com/-/HN-43701046/ apidev.sunworld.vn/routes/74203485_772506804/80736153-93/ apple-service93.ru/wp-includes/FJG_722210631/ ariesnetwork.co.uk/cgi-bin/N_343276561/ asolmart.com/wp-includes/6wo63l/ auto.lambolero.com/f1nygync/065138_50/ autoemail.zpesport.com/static/489568890680/ autoemail.zpesport.com/static/FUc25542/ automoto.in.ua/twp8yxk/8601057-6361/ avayesanat.ir/wp-admin/054607806_6357300/ avayesanat.ir/wp-admin/7029123-7525319/ avayesanat.ir/wp-admin/LGR_7686086/ avionxpress.com/lp/248437057060/ behaviouralworkshop.com/msuvpkl/39078592_0049563/ bisnesservis-fk.ru/phalangist/63841_8110773/ bisnesservis-fk.ru/phalangist/9711415307552/ blakeriot.com/z38nil9/6396150382138/ blakeriot.com/z38nil9/GVC98/ blog.stetgzs.cn/wp-content/6580156_924590/ bloom-here.org/wp-content/03152002RDFHV_3669/ bloom-here.org/wp-content/045566VCUOWKGLUV82023/ bloom-here.org/wp-content/OC_366/ boardingschoolsoftware.com/Vineet_Backup/78765051_2/ bricolambert.com/wp-admin/6019OQXHOG-341528/ bricolambert.com/wp-admin/75748004872301/ bricolambert.com/wp-admin/8716_84622/ buildotech.com/hijy/11PLKCJMED_49806929/ canadacannabis.live/wp-includes/Y-76388385/ casinoc.ru/akt34/076tkZZDP/9334328-1553827/ casinoc.ru/akt34/WLL83/ casinoc.ru/akt34/wzq-883/ castlenkings.com/wp-includes/CFpH_1214/ celhocortofilmfestival.stream/css/FYLRQ-350/ centralcdmx.gq/wp-admin/53442142_1285745/ challenge.capelle-fotografeert.nl/img/19691-6/ challenge.capelle-fotografeert.nl/img/6103876685/ challenge.capelle-fotografeert.nl/img/80806385236188/ charmsukh.vip/wp-includes/certificates/g_33941/ charmsukh.vip/wp-includes/certificates/hdyi_0444371/ child.dental/wp-content/44353536_6/ child.dental/wp-content/JNXQ6450922/ chiukim.com/1nshiol/5260_22/ chiukim.com/1nshiol/C_1588076/ cisjamaica.com/0av60391igppygl/3895457072777837/ cisjamaica.com/0av60391igppygl/PODML-05/ computec-zim.com.mx/llyy5br/08368396RLOLADW-2330/ computec-zim.com.mx/llyy5br/WX_927/ computec-zim.com.mx/llyy5br/ajgmj_03273682/ comsatnet.com/ComsatNet/0804401-830313/ comsatnet.com/ComsatNet/1900_35398/ cursossemana.com/wp-content/62091_374/ demo.avionxpress.com/rbud/PE-29121/ demo.avionxpress.com/rbud/qrkff_26636/ demo.birgeek.ir/dist/29111648WXNCTLG_8/ demo.birgeek.ir/dist/64533236-39263855/ demo.birgeek.ir/dist/920263369_34093/ demo.nhabe360.com/3/oacaiw_680152/ denunciator.dimenxion.es/wp-admin/22_4/ denunciator.dimenxion.es/wp-admin/73919/ denunciator.dimenxion.es/wp-admin/hB_06379/ deti.czsv.dp.ua/wp/179GJUWBWV-9360/ dev.sonicartoriginals.com/wp-content/3085594/ dev.sonicartoriginals.com/wp-content/95349859CXW_09/ divinaprovidenciaautlan.com/wp-content/YWTCJ-4/ divinaprovidenciaautlan.com/wp-content/ieg84/ donate.lambolero.com/-/CXTHQ_27775/ donate.lambolero.com/-/TXI_526114/ dukaree.com/wp-includes/6711444_861021/ dukaree.com/wp-includes/ore_49089/ eaton.edu.my/pki-validation/934144_669980/ efaxbox4document.crepsad.tg/qdu4o/558727461969/ efaxbox4document.crepsad.tg/qdu4o/B_337328/ elearning.physiotraining.com.gt/6xtdv/E_024/ elearning.physiotraining.com.gt/AAQ/3990682_65635580/ elearning.physiotraining.com.gt/AAQ/PGE_08517721/ encuentroagromatrisoja.com/cgi-bin/IGRYv61/ encuentroagromatrisoja.com/cgi-bin/TQ17769450/ erizo.webarrive.com/cgi-bin/N5611/ esakip.dev.semarangkab.go.id/application/131102GFWZOPN4344/ esakip.dev.semarangkab.go.id/application/m_786948/ evaluecrm.com/wp-content/5653QNW_4235308/ evaluecrm.com/wp-content/70543625/ expansion.co.uk/cyr2latl/391_250588263/ fitrahhanniah.sch.id/p2db.fitrahhanniah.sch.id/6111/ fitrahhanniah.sch.id/p2db.fitrahhanniah.sch.id/PR-8897/ fortcomfurniture.com/wp-content/TZXK-02153690/ freereadmanga.com/temp/9625-70165/ freereadmanga.com/temp/SLRH805/ freereadmanga.com/temp/VQ-093818/ fromtofor.ca/redetermination/213924_7182/ fromtofor.ca/redetermination/52362675-8225473/ fromtofor.ca/redetermination/NBF64/ fse.in.ua/layouts/iniryg_378/ geetanjaliconstructions.com/gallery_js/XR_931922/ getbetadeal.com.ng/jr/557376791_63/ getbetadeal.com.ng/jr/SMS-97632765/ getbetadeal.com.ng/jr/fco9481/ glendbank.com/wp-admin/0660433/ glendbank.com/wp-admin/Z97/ graniteprint.co.uk/derivedness/569392-2976/ graniteprint.co.uk/derivedness/JIN_8864/ graniteprint.co.uk/derivedness/rjptc_24531/ greatmagazinesgift.co.uk/quo-officiis/Ue15238965/ guardagfq.xyz/wp-content/2679577_8/ guardagfq.xyz/wp-content/HOA_030163/ gzesa.net/wp-includes/ID3/OJ51/ gzndfit.com/520/72171-019/ hammerpzjx.xyz/qatta/596FVEZHHXZZY_9/ hammerpzjx.xyz/qatta/P_222863/ hbaa.law/wp/30136_0/ hbaa.law/wp/SM42099/ hbaa.law/wp/szremm-05/ humvegetarian.w3.eyeteam.vn/themes/1466882965486/ humvegetarian.w3.eyeteam.vn/themes/BBXY_5410/ hz1.xhjmmm.com/fz/LNSHA31102/ hz1.xhjmmm.com/fz/NRU_22/ ikomfort.hk/box/czr-16786/ infomakers.com.br/wp-includes/1091593-843835/ infomakers.com.br/wp-includes/15426038862272/ infomakers.com.br/wp-includes/q7573185/ kamac.com.br/wp-content/222335655_4377/ kamac.com.br/wp-content/7888490_488098/ kangharu.id/Docker/042144_138028038/ kangharu.id/Docker/49134348NXDEO-393072/ kangharu.id/Docker/H-599688/ karnalbreakingnews.com/wp-includes/QHALW-12/ karnalbreakingnews.com/wp-includes/jsfprwo9/ khbd.41319.top/e/6013413413915668/ khbd.41319.top/e/toggifq-1122/ kihonhair.com.br/wp-admin/images/1373443030/ kihonhair.com.br/wp-admin/images/856KICQJ_3528/ kihonhair.com.br/wp-admin/images/943564_752108/ kopalpublicschool.com/js/4671138-2142871/ landing.serv-il.co.il/kd/5363_9266/ landing.serv-il.co.il/kd/61692-80465990/ landing.serv-il.co.il/kd/TMG-42405640/ leadphysio.com/wp-content/plugins/dwe/P_31/ learning.fawe.org/wp-content/210322476-34286/ mebli-land.com/g17ch6vk/15LVID_41625495/ meca-global.com/wp-admin/LJF_053824/ meca-global.com/wp-admin/NA_368/ meca-global.com/wp-admin/Pp_180787/ meca.global/wp-admin/0904XOYQQCP_283853/ meca.global/wp-admin/CEGR_030275314/ meca.global/wp-admin/e_9/ medicinskaskolaberane.edu.me/wp-content/SG-68041023/ meltatours.co.za/6982LPXYTQEINP-6448/ meltatours.co.za/AQ35/ mex035.com/8/9307883_616563/ mex035.com/8/XXQ77161/ milhojas.is/wp-admin/834600889_482/ milhojas.is/wp-admin/BF67602/ milhojas.is/wp-admin/J_2667/ monosun.net/wp-includes/77593230-025420/ motocarbrasil.org/segundavia/5923538_98/ motocarbrasil.org/segundavia/MBG_0577/ mtc.joburg.org.za/-/5259-337/ mtc.joburg.org.za/-/9153684_12245/ mtc.joburg.org.za/-/FJ_982/ mymicrogreen.mightcode.com/pub/O-60037/ nattawut-gamefowl.com/wp-admin/39919-49912177/ ngoxrana.uz/wp-content/4125691_36232/ ngoxrana.uz/wp-content/627125_3762/ notesculture.com/wp-includes/711821379-472/ o2omart.co.in/infructuose/L_41153/ old.liceum9.ru/images/076277JLMQAVJ_9309/ old.liceum9.ru/images/159_23/ old.liceum9.ru/images/jcqrej-12499525/ onebet.co.ug/wp-content/243269MQMOA_50/ opornik55.ru/wp-content/uploads/MQ_44207/ ordereasy.hk/error/0146-87417/ ordereasy.hk/error/tyj_755240/ ozvita.club/wp-includes/kpmlgj_715340/ padhehindime.com/wp-admin/1933AJLB08/ padhehindime.com/wp-admin/MD-029/ padsea.cn/unmisgivingly/567895NGRJ-551395/ padsea.cn/unmisgivingly/621_480/ padsea.cn/unmisgivingly/URL-589/ panel.betfredtakeaway.com/awJPDGElQ/6687936_039389064/ pasionportufuturo.pe/wp-content/04629089_837/ pasionportufuturo.pe/wp-content/Qlwvq_344/ pedagogicobilingue.edu.pe/wp-content/1123973/ pedagogicobilingue.edu.pe/wp-content/L_056695/ pedagogicobilingue.edu.pe/wp-content/N-702226/ phehellatech.demo9lec.co.za/yqckzi/89016144772/ portocenterhotel.com.br/lem/386439354_5027654/ portocenterhotel.com.br/lem/80830-57276/ project4.monster-online.com/wzjmkm/42471635/ project4.monster-online.com/wzjmkm/67FFIUGDAEXK-93278/ project4.monster-online.com/wzjmkm/mew-67260/ project7.monster-online.com/images/966801862_45/ ptmanishsharma.site/d2os/V-8/ ronakdaru.com/wp-admin/waWz02165/ ruperhatcosmetics.xyz/wp-content/85114948XTPPLGDYEO_679/ ruperhatcosmetics.xyz/wp-content/rsv_2608531/ samritz1.atpvitaltesting.com/vg5c/9545_345/ samritz1.atpvitaltesting.com/vg5c/965_8044/ share.ogivart.us/mailv/103721773_61088/ share.ogivart.us/mailv/1728717/ share.ogivart.us/mailv/ZNXIF_98705/ shop.lambolero.com/iiwkjgp/jqzixzn_96581/ shop.lambolero.com/iiwkjgp/tfri_9419/ simunyepoolservices.demo9lec.co.za/70omzs/rr6eY1LlKxiJpRkyXb/ singsamut.ac.th/4uvmw/11909163/ site.aau.edu.et/pigeonholer/413594844/ site.aau.edu.et/pigeonholer/5755_795/ site.aau.edu.et/wp-admin/QSIM-68900/ smarthealthcare.pk/a/105953-666/ softisans.com/admin/5070379LOCUHHA657/ sp.mongoso.com/wp-content/98884121389541/ sp.mongoso.com/wp-content/edapxn_3379/ stermygh.com/wp-admin/107703_95/ stermygh.com/wp-admin/130680_0/ t.tops.video/t/29882-804/ t.tops.video/t/HPlA9064/ t.tops.video/t/HQRUS_21172563/ te.pppleohhh.xyz/test/81_53507/ te.pppleohhh.xyz/test/92838080-43105207/ test.la-boticaria.com/wp-content/07362190-8288592/ testmp.dune.ru/wp-content/021930_85/ testmp.dune.ru/wp-content/3347246-493/ testmp.dune.ru/wp-content/36833322550/ testmp.dune.ru/wp-content/45477300-62539359/ torshshop.ir/wp-admin/08672110078/ torshshop.ir/wp-admin/1387159-468999142/ torshshop.ir/wp-admin/IP-702709021/ towardsun.net/admin/68955_80/ trade-agro.top/e/QXSY-740/ tradefactweb.azurewebsites.net/calendar/66466422_13/ tradefactweb.azurewebsites.net/calendar/749086_5815972/ trippytours.in/tx7p6/67632814_7/ txingame.com/wp-content/91936257-2659962/ vintres.com.br/wp-includes/55130687688/ virtual.tecnologicojuanjui.edu.pe/availability/g-34520/ vnamazon.vn/genethliacs/4278747845393/ vnamazon.vn/genethliacs/QKVC_688310/ vulkanvegasbonus.jeunete.com/wp-content/066279614_229/ wearsweetbomb.com/wp-content/1LtVz8y0f7CuWwH58M8tb8/99328410_88/ wearsweetbomb.com/wp-content/46607746EWOD9/ womenonwheelsmtb.demo9lec.co.za/cnegwgkr/SEfJs-0152/ xn--vysx78fh5q.tw/51094_192/ yougandan.com/wp-content/uz_415/ znzhou.top/wp-admin/TXSH-9651347/ /ew/35106368971278/ /-/5259-337/ /-/9153684_12245/ /-/922537-926678/ /-/CXTHQ_27775/ /-/FJ_982/ /-/HN-43701046/ /-/TXI_526114/ /0av60391igppygl/3895457072777837/ /0av60391igppygl/PODML-05/ /1nshiol/5260_22/ /1nshiol/C_1588076/ /2fh0g/24630_55/ /2fh0g/5630UOCU_099413/ /2fh0g/AYHQB_079741/ /3/oacaiw_680152/ /4uvmw/11909163/ /51094_192/ /520/72171-019/ /6982LPXYTQEINP-6448// /6xtdv/E_024/ /70omzs/rr6eY1LlKxiJpRkyXb/ /8/9307883_616563/ /8/XXQ77161/ /a/105953-666/ /AAQ/3990682_65635580/ /AAQ/PGE_08517721/ /admin/5070379LOCUHHA657/ /admin/68955_80/ /akt34/076tkZZDP/ /akt34/WLL83/ /akt34/wzq-883/ /application/131102GFWZOPN4344/ /application/m_786948/ /AQ35// /availability/g-34520/ /awJPDGElQ/6687936_039389064/ /box/czr-16786/ /calendar/66466422_13/ /calendar/749086_5815972/ /cgi-bin/IGRYv61/ /cgi-bin/N5611/ /cgi-bin/N_343276561/ /cgi-bin/TQ17769450/ /cnegwgkr/SEfJs-0152/ /ComsatNet/0804401-830313/ /ComsatNet/1900_35398/ /content/IMI_737/ /css/FYLRQ-350/ /cyr2latl/391_250588263/ /d2os/V-8/ /derivedness/569392-2976/ /derivedness/JIN_8864/ /derivedness/rjptc_24531/ /dist/29111648WXNCTLG_8/ /dist/64533236-39263855/ /dist/920263369_34093/ /Docker/042144_138028038/ /Docker/49134348NXDEO-393072/ /Docker/H-599688/ /e/6013413413915668/ /e/QXSY-740/ /e/toggifq-1122/ /er1lrd/792TWAHUC_29/ /er1lrd/CSUM73/ /error/0146-87417/ /error/tyj_755240/ /f1nygync/065138_50/ /fz/LNSHA31102/ /fz/NRU_22/ /g17ch6vk/15LVID_41625495/ /gallery_js/XR_931922/ /genethliacs/4278747845393/ /genethliacs/QKVC_688310/ /ghcvf/775077-420744/ /globals/207819679933/ /globals/K-224158/ /hijy/11PLKCJMED_49806929/ /iiwkjgp/jqzixzn_96581/ /iiwkjgp/tfri_9419/ /images/076277JLMQAVJ_9309/ /images/159_23/ /images/966801862_45/ /images/jcqrej-12499525/ /img/19691-6/ /img/6103876685/ /img/80806385236188/ /infructuose/L_41153/ /jr/557376791_63/ /jr/fco9481/ /jr/SMS-97632765/ /js/4671138-2142871/ /kd/5363_9266/ /kd/61692-80465990/ /kd/TMG-42405640/ /layouts/iniryg_378/ /lem/386439354_5027654/ /lem/80830-57276/ /llyy5br/08368396RLOLADW-2330/ /llyy5br/ajgmj_03273682/ /llyy5br/WX_927/ /lp/248437057060/ /mailv/103721773_61088/ /mailv/1728717/ /mailv/ZNXIF_98705/ /manutenzione/NGJWW_3714/ /msuvpkl/39078592_0049563/ /NSTIFestival/V-71552/ /p2db.fitrahhanniah.sch.id/6111/ /p2db.fitrahhanniah.sch.id/PR-8897/ /packages/57_3089588/ /phalangist/63841_8110773/ /phalangist/9711415307552/ /pigeonholer/413594844/ /pigeonholer/5755_795/ /pki-validation/934144_669980/ /pub/O-60037/ /qatta/596FVEZHHXZZY_9/ /qatta/P_222863/ /qdu4o/558727461969/ /qdu4o/B_337328/ /quo-officiis/Ue15238965/ /rbud/PE-29121/ /rbud/qrkff_26636/ /redetermination/213924_7182/ /redetermination/52362675-8225473/ /redetermination/NBF64/ /routes/74203485_772506804/ /segundavia/5923538_98/ /segundavia/MBG_0577/ /static/489568890680/ /static/FUc25542/ /t/29882-804/ /t/HPlA9064/ /t/HQRUS_21172563/ /temp/9625-70165/ /temp/SLRH805/ /temp/VQ-093818/ /test/81_53507/ /test/92838080-43105207/ /themes/1466882965486/ /themes/BBXY_5410/ /twp8yxk/8601057-6361/ /tx7p6/67632814_7/ /unmisgivingly/567895NGRJ-551395/ /unmisgivingly/621_480/ /unmisgivingly/URL-589/ /vg5c/9545_345/ /vg5c/965_8044/ /Vineet_Backup/78765051_2/ /web_images/195873537396/ /wp-admin/054607806_6357300/ /wp-admin/0660433/ /wp-admin/08672110078/ /wp-admin/0904XOYQQCP_283853/ /wp-admin/107703_95/ /wp-admin/130680_0/ /wp-admin/1387159-468999142/ /wp-admin/1933AJLB08/ /wp-admin/22_4/ /wp-admin/39919-49912177/ /wp-admin/53442142_1285745/ /wp-admin/6019OQXHOG-341528/ /wp-admin/7029123-7525319/ /wp-admin/73919/ /wp-admin/75748004872301/ /wp-admin/834600889_482/ /wp-admin/8716_84622/ /wp-admin/BF67602/ /wp-admin/CEGR_030275314/ /wp-admin/e_9/ /wp-admin/hB_06379/ /wp-admin/IP-702709021/ /wp-admin/J_2667/ /wp-admin/L-67525/ /wp-admin/LGR_7686086/ /wp-admin/LJF_053824/ /wp-admin/MD-029/ /wp-admin/NA_368/ /wp-admin/Pp_180787/ /wp-admin/QSIM-68900/ /wp-admin/TXSH-9651347/ /wp-admin/waWz02165/ /wp-admin/Z97/ /wp-content/021930_85/ /wp-content/03152002RDFHV_3669/ /wp-content/045566VCUOWKGLUV82023/ /wp-content/04629089_837/ /wp-content/066279614_229/ /wp-content/07362190-8288592/ /wp-content/1123973/ /wp-content/1LtVz8y0f7CuWwH58M8tb8/ /wp-content/210322476-34286/ /wp-content/222335655_4377/ /wp-content/243269MQMOA_50/ /wp-content/2679577_8/ /wp-content/3085594/ /wp-content/3347246-493/ /wp-content/36833322550/ /wp-content/4125691_36232/ /wp-content/44353536_6/ /wp-content/45477300-62539359/ /wp-content/46607746EWOD9/ /wp-content/5653QNW_4235308/ /wp-content/62091_374/ /wp-content/627125_3762/ /wp-content/6580156_924590/ /wp-content/70543625/ /wp-content/7888490_488098/ /wp-content/85114948XTPPLGDYEO_679/ /wp-content/91936257-2659962/ /wp-content/95349859CXW_09/ /wp-content/98884121389541/ /wp-content/edapxn_3379/ /wp-content/HOA_030163/ /wp-content/ieg84/ /wp-content/JNXQ6450922/ /wp-content/L_056695/ /wp-content/N-702226/ /wp-content/OC_366/ /wp-content/Qlwvq_344/ /wp-content/rsv_2608531/ /wp-content/SG-68041023/ /wp-content/TZXK-02153690/ /wp-content/uz_415/ /wp-content/YWTCJ-4/ /wp-includes/1091593-843835/ /wp-includes/15426038862272/ /wp-includes/2064_90932/ /wp-includes/55130687688/ /wp-includes/614283746323/ /wp-includes/6373959IGARUNW_9493/ /wp-includes/6711444_861021/ /wp-includes/6wo63l/ /wp-includes/711821379-472/ /wp-includes/77593230-025420/ /wp-includes/844645682_3352/ /wp-includes/certificates/ /wp-includes/CFpH_1214/ /wp-includes/FJG_722210631/ /wp-includes/ID3/ /wp-includes/jsfprwo9/ /wp-includes/kpmlgj_715340/ /wp-includes/ore_49089/ /wp-includes/q7573185/ /wp-includes/QHALW-12/ /wp-includes/Y-76388385/ /wp/179GJUWBWV-9360/ /wp/30136_0/ /wp/SM42099/ /wp/szremm-05/ /wzjmkm/42471635/ /wzjmkm/67FFIUGDAEXK-93278/ /wzjmkm/mew-67260/ /yqckzi/89016144772/ /z38nil9/6396150382138/ /z38nil9/GVC98/ # Reference: https://twitter.com/Max_Mal_/status/1483223283394916354 # Reference: https://www.virustotal.com/gui/file/4d8e2810328f7a442cb42a185f4377f8f14a121074116ac6073aca8d60a5b5de/detection http://193.42.36.245 144.217.88.125:443 mecaglobal.com/qxim/TlDTjlxYAdwU/ /qxim/TlDTjlxYAdwU/ /TlDTjlxYAdwU/ # Reference: https://twitter.com/pr0xylife/status/1483380330652487680 # Reference: https://www.joesandbox.com/analysis/554688/0/html http://185.7.214.7 2021.posadamision.com/wp-admin/gO7Qvfd1/ uber-ourtaxi.az/eha/2g4/ /wp-admin/gO7Qvfd1/ /gO7Qvfd1/ # Reference: https://www.virustotal.com/gui/file/0fe1b8af019c074d64290edeaa34e98153fbb5253a7786850aac447a0ef97c1f/detection http://92.255.85.234 /LOGOGOGOGOX/gate.php /LOGOGOGOGOX/ # Reference: https://twitter.com/pr0xylife/status/1483388093931663363 plus-x.xsrv.jp/assets/oN0/ senior.tims.se/-/6s/ # Reference: https://twitter.com/pr0xylife/status/1483465871221833728 mail.agreatfurnitureplace.com/tibs/dVP6KA4UVKQvXOQj9IbyWDEodvgpmi/ /tibs/dVP6KA4UVKQvXOQj9IbyWDEodvgpmi/ /dVP6KA4UVKQvXOQj9IbyWDEodvgpmi/ # Reference: https://twitter.com/pr0xylife/status/1483481218192711685 tekbaz.com/assets/TLEgzl_04973/ /assets/TLEgzl_04973/ /TLEgzl_04973/ # Reference: https://twitter.com/pr0xylife/status/1483756704886145029 blog.incentivar.io/wp-admin/user/02_651977/ hot.valuemark.co.kr/-/928747-30/ mechvity.com/wp-admin-old/rU-26479181/ /-/928747-30/ /wp-admin-old/rU-26479181/ /wp-admin/user/02_651977/ # Reference: https://twitter.com/pr0xylife/status/1483735728421023745 http://92.255.57.195 9b-p.work/itdb/70OHUJJSFAHR29/ kastamonulezzetrehberi.com/cszc/rPJJUvdOz/ /cszc/rPJJUvdOz/ /itdb/70OHUJJSFAHR29/ /70OHUJJSFAHR29/ /rPJJUvdOz/ # Reference: https://twitter.com/pr0xylife/status/1483786823843422214 # Reference: https://twitter.com/pr0xylife/status/1483790907279396869 biorays.com.pk/-/954812233-1730/ okesitamari.sakura.ne.jp/PPC/V-18/ /-/954812233-1730/ /PPC/V-18/ # Reference: https://twitter.com/Max_Mal_/status/1483923458375434243 1.234.65.61:8080 114.79.130.68:443 159.65.163.220:443 198.27.67.35:8080 202.29.239.161:443 207.180.228.237:8081 62.141.45.103:443 # Reference: https://twitter.com/pr0xylife/status/1484098023160528897 new.maashantiskills.com/wp-admin/682_43/ quranthemepark.com/wp-content/OaIz2gBtm/ /wp-admin/682_43/ /wp-content/OaIz2gBtm/ # Reference: https://twitter.com/pr0xylife/status/1484124222289022976 benessere-consapevole.it/wp-admin/NPB1898801/ group.tims.se/4qj3vg/BB-64345/ jayambikadevelopers.com/jx8p/RYG-0/ leadrise.co/wp-includes/687669079_7470366/ /4qj3vg/BB-64345/ /jx8p/RYG-0/ /wp-admin/NPB1898801/ /wp-includes/687669079_7470366/ # Reference: https://twitter.com/pr0xylife/status/1484140551083544578 prestashop01.aftershipdemo.com/tools/apvQh9nJWhX3nurFayA6pIiggRG/ /tools/apvQh9nJWhX3nurFayA6pIiggRG/ /apvQh9nJWhX3nurFayA6pIiggRG/ # Reference: https://twitter.com/pr0xylife/status/1484170278162812930 mta-sts.mx.theblindgardener.com/-/1907950-190347/ miruva.net/cgi-bin/4391707824422/ /-/1907950-190347/ /cgi-bin/4391707824422/ # Reference: https://twitter.com/pr0xylife/status/1484182099913412616 proveedoramedica.mx/wp-admin/GGa3ZVRRdxRoASc0aZ1CHwLbZmD/ /wp-admin/GGa3ZVRRdxRoASc0aZ1CHwLbZmD/ /GGa3ZVRRdxRoASc0aZ1CHwLbZmD/ # Reference: https://twitter.com/pr0xylife/status/1484188438836355072 megatrussglobal.co.id/q4avd/tjzbD/ /q4avd/tjzbD/ # Reference: https://twitter.com/pr0xylife/status/1484198744467939341 u89134p84288.web0129.zxcs-klant.nl/pi0k52/4108946-164835382/ /pi0k52/4108946-164835382/ # Reference: https://twitter.com/pr0xylife/status/1484217511486922756 meicoe.com/wp-admin/jQ5K/ /wp-admin/jQ5K/ # Reference: https://twitter.com/Max_Mal_/status/1484520272078200834 hindimedia.in/wp-content/uploads/iXntuGFqLE31oHsTk/ /iXntuGFqLE31oHsTk/ # Reference: https://twitter.com/pr0xylife/status/1484592163241730053 eggsupgrillfranchise.com/wp-content/Wp4robwtHZX0inA/ /wp-content/Wp4robwtHZX0inA/ /Wp4robwtHZX0inA/ # Reference: https://twitter.com/DmitriyMelikov/status/1485027546173485056 clearph.flywheelsites.com/Fox-C/keCDee8C2D9GGNyQ/ /Fox-C/keCDee8C2D9GGNyQ/ /keCDee8C2D9GGNyQ/ # Reference: https://twitter.com/pr0xylife/status/1485561795544817670 ss100feet.com/b/t681UHJz/ /b/t681UHJz/ /t681UHJz/ # Reference: https://twitter.com/tosscoinwitcher/status/1485719577447198720 journeypropertysolutions.com/cterq/KeG/ /cterq/KeG/ # Reference: https://twitter.com/tosscoinwitcher/status/1485764790144299008 id-tiara.com/well-known/hbPI8/ royallifeagroindia.com/Fox-C/7H/ /Fox-C/7H/ /well-known/hbPI8/ # Reference: https://twitter.com/Max_Mal_/status/1485745211842125824 162.243.175.63:443 80.211.3.13:8080 # Reference: https://twitter.com/pr0xylife/status/1485913389188661253 crisbdev.com/wp-content/2dmXYgLVdkV/ dandtpremierhomes.com/eapn/lpN6dcAppn/ keluargamalaysia.bliblah.com/cgi-bin/FUzc3KOKN3DNeee/ pinnaclehomesusa.net/870xg9/pNp3a1iHCKaZwYEV/ pozhadvokat.com/images/QmZXA9kRUU8xZZF/ ppdbsma.insanrabbany.sch.id/gkvvb/sXVYo8HsPSFQh/ queens.renovatiog.ltd/wp-includes/LDH/ remedy.eventmasti.com/vendor/Y2XclYoCdDzSSua/ renovatiomarketing.com/renovatiomarketing.com/A/ rkeeperua.com/include/FXBsVAOd1U/ /870xg9/pNp3a1iHCKaZwYEV/ /cgi-bin/FUzc3KOKN3DNeee/ /eapn/lpN6dcAppn/ /gkvvb/sXVYo8HsPSFQh/ /images/QmZXA9kRUU8xZZF/ /include/FXBsVAOd1U/ /vendor/Y2XclYoCdDzSSua/ /wp-content/2dmXYgLVdkV/ /wp-includes/LDH/ /2dmXYgLVdkV/ /FUzc3KOKN3DNeee/ /FXBsVAOd1U/ /lpN6dcAppn/ /pNp3a1iHCKaZwYEV/ /QmZXA9kRUU8xZZF/ /sXVYo8HsPSFQh/ /Y2XclYoCdDzSSua/ # Reference: https://twitter.com/pr0xylife/status/1485961737186725889 tsuiterublog.com/-/l9YnV47ha/ /-/l9YnV47ha/ # Reference: https://twitter.com/pr0xylife/status/1486275859455561728 # Reference: https://twitter.com/pr0xylife/status/1486297619844550662 # Reference: https://pastebin.com/8pckk3Yc http://91.240.118.168 185.168.130.138:443 185.244.166.137:443 203.153.216.46:443 59.148.253.194:443 85.25.120.45:8080 unifiedpharma.com/wp-content/5arxM/ /wp-content/5arxM/ # Reference: https://twitter.com/pr0xylife/status/1486330580774096899 # Reference: https://pastebin.com/BmRcpvRs accessunited-bank.com/admin/hzIgVwq8btak/ artanddesign.one/wp-content/uploads/A2cZL7/ autodiscover.karlamejia.com/wp-admin/hcdnVlRIiwvTVrJjJEE/ connecticutsfinestmovers.com/Fox-C/mVwOqxT17gVWaE8E/ crmweb.info/bitrix/rc9XjtwF/ eleccom.shop/services/AEjSDj/ hotelamerpalace.com/Fox-C404/LEPqPJpt4Gbr8BHAn/ icfacn.com/runtime/n7qA2YStudp/ izocab.com/nashi-klienty/B5SC/ krezol-group.com/images/PmLGLKYeCBs5d/ ledcaopingdeng.com/wp-includes/Qq39yj7fpvk/ pigij.com/wp-admin/MVW5/ strawberry.kids-singer.net/assets_c/WAdvNT84Dmu/ unifiedpharma.com/wp-content/5arxM/ /Fox-C/mVwOqxT17gVWaE8E/ /Fox-C404/LEPqPJpt4Gbr8BHAn/ /admin/hzIgVwq8btak/ /assets_c/WAdvNT84Dmu/ /bitrix/rc9XjtwF/ /images/PmLGLKYeCBs5d/ /nashi-klienty/B5SC/ /runtime/n7qA2YStudp/ /services/AEjSDj/ /wp-admin/MVW5/ /wp-admin/hcdnVlRIiwvTVrJjJEE/ /wp-content/5arxM/ /wp-includes/Qq39yj7fpvk/ /5arxM/ /AEjSDj/ /LEPqPJpt4Gbr8BHAn/ /PmLGLKYeCBs5d/ /Qq39yj7fpvk/ /WAdvNT84Dmu/ /hcdnVlRIiwvTVrJjJEE/ /hzIgVwq8btak/ /mVwOqxT17gVWaE8E/ /n7qA2YStudp/ /rc9XjtwF/ # Reference: https://twitter.com/1ZRR4H/status/1486124169091764230 # Reference: https://github.com/CronUp/Malware-IOCs/blob/main/2022-01-25_Emotet_DownloadURLs http://47.244.189.73/well-known/FUk/ 1asehrgut.com/dup-installer/3vESrkJAS97l/ 23brickstreet.com/wp-content/aTIYB3QYHZt/ 247entertainment.com.ng/95p3tu4h/5590702_1274/ 3dinspection.demowork.com/WDISOFTWARE.COM/82298/ 9b-p.work/itdb/vC0S9E4XvEsWOUzHKBN3f0Oa/ a.easeth.work/assets/gWVDvw94/ acorngift.com/wp-content/YhNgI/ activelab.in/3bu04/JZ82197190/ agrawaljeweller.com/Fox-C404/5SeLz/ aimeos.softuvo.xyz/packages/fJFU3vLxRUrtA/ ajkersomaj.com/wp-admin/ThBwKpUbIffmrepRg/ allfurdogs.co.uk/wp-content/R1U2sJfwWdrdUjB/ alshamselectrodxb.com/wp-includes/BkJEMQZWgRGc2DCFcsCRt/ althyplane.com/wp-admin/ELWa8YcOqlJn/ amazonas.apiperu.net.pe/0rjb/AbwjpKtyXuT6hg3Qmws03SWB/ ancyh.xyz/Fox-C/LxAhgyO3fMg/ andamedya.net/images/jTDdjmag0X6cnUOZ5VUb/ animalkingdompro.com/wp-includes/dal5pzmAyo6zx2lRk1sdTGZOnJwED/ aoringo-web-creating.com/backup_1/R73800878/ apexsecure.co.uk/content/5wR/ api.task-lite.com/-/T3owojW5fwBduO6K/ apple-service93.ru/wp-includes/JNeOtB9da67l1NjAeEh5/ arcgakuin-dev2.sukoburu-secure.com/l35uhr/R1evmjjhga/ arqua.com.br/siteantigo/gYDoYUIWNgc8kTHDRY7dXlFjah3/ artncraft.uk/inflatable/rg2UWzOeIfuJoYYdVeTOSQ84ki/ ashamedicalsystem.com/1dgdm/942YLPAEMF-1800/ aurumtiles.in/wrydht5j/XpCeIk5IBAjrssqMVR/ avionxpress.com/lp/HyMifM/ bakedfusion.in/fmzm/OOZFzi2sR/ bandenmarkt.com/wp-content/HXN_79786/ bbw918.com/wordpress/5T74ZZzUhvWy4s3P5IrrWc/ behaviouralworkshop.com/msuvpkl/9qWc9TvYVwZ8XMRII3nEXYt0vzfj/ betablog.summertowndental.co.uk/i4x38z/0eH5CC82TXFnK/ bharathibookhouse.in/i870/DyzzViAvZ1k4Djhfp0fSs6XDz/ bimesarayenovin.ir/wp-admin/z464/ blasieholmen-staging.tokig.site/b/SOcGvzIi31HDg/ blog.aeromus.com/-/M_00/ blog.incentivar.io/wp-admin/user/ blog.loanvalley.in/b/dNXOaOWeWFUSgPTAGgnfWqHbWSsLHL/ blog.oo0oo.ml/wp-content/Y_4901983/ brightersevents.com/b/7948QcbkoEsvWXw20/ buildotech.com/hijy/WYHGC31/ buyluxurycard.com/wp-includes/BtgIhhz766h/ callao.apiperu.net.pe/assets/674489-72871/ cambridge-business.com/cambridge-business.com/Qm/ canvassea.com/qjxnz/wkpfvi9/ carmdaksh.org/Fox-C404/7l4siIWb771k0pTG/ carmdaksh.org/uignbip/YLTZ-82812903/ casinobetflix.work/wp-includes/aoItn4LAZOeLFrFLe3oTe6D/ cce.edu.in/admin/Z6RV47bMBr/ changeyourcommunitynow.com/s1hf7qm/TqcrwYcOiqV8fWA/ chiukim.com/1nshiol/iLIrpGeSGV/ chupahfashion.com/eh6bwxk/bowptl/ chuyenphatgiare.com/hs8p/900YXVA7951631/ cisjamaica.com/0av60391igppygl/1z1X71JLLaFEVLixpoa0VPHWT/ clatmagazine.com/p8wl/ZQIX_635174/ climate.thecedarcentre.org/cgi-bin/3eseeNZ/ colegiul-nenitescu-craiova.ro/wp-content/U8fhXoOvlBA/ comsatnet.com/ComsatNet/ydx_7693371/ connecticutsfinestmovers.com/Fox-C/r32O7xxv/ crisbdev.com/wp-content/2dmXYgLVdkV/ cursossemana.com/wp-content/hwPhjzWAObGEmQeJcdTXei/ cusco.apiperu.net.pe/assets/491521837-543255/ daisy.sukoburu-secure.com/assets/qrwbWpSM/ dandtpremierhomes.com/eapn/lpN6dcAppn/ delmarpropertyservices.com/nw1t8jj/NUrSuFyX6P/ demo.avionxpress.com/rbud/OarPTbpwW/ desertsafari.in/wp-includes/362-0857084/ digitalizemarketing.com.br/assets/4ufnr0wnClgtuYlRqhldS/ dijorge.com.br/wp-includes/ooxopS2V9FUS/ dinkovtips.ml/cgi-bin/sXvte2203SpdPZ/ do-cloclo.com/wp-admin/qj0lJaZOOsjYA2l/ dreamcityimprov.com/d5759pd/yzbV45v1nY/ dreamcityloveaffair.com/60bv5/RG9Kb1qRlQ/ dreamdancefactory.clnetworktv.com/zegsgpzq/CT75/ dreamproductionsfl.com/tmw8t/Szjjcj5mU1ZA/ dynmsol.com/wp-admin/k-8744534/ e-klimatherm.nl/wp-admin/SLo9dXmfhIXYnKktAQeK/ e.apiperu.pro/assets/V0QSHDCqgff5BGjWjkjqF/ e.zpesport.com/e.zpesport.com/VEC-5303/ ecoplastindia.in/Fox-C404/j3Ct9hkL8ab384G4iyTeVFsA/ ekamjewels.com/anklet/WQG1/ entradas.feriaautopartes.com/-/t9QkwV/ esakip.dev.semarangkab.go.id/application/Ai4/ fifa69.com/wp-content/cwozYw9/ firstfitschool.com/83wg6z/oUCHXJmm/ fomobaby.app/3kyd3/5t7USfWBs/ freereadmanga.com/temp/kWqpQne3uZc6n/ fse.in.ua/layouts/J_807/ gardeningfilm.com/wp-content/Ef/ gardinia.futuristic.agency/wp-admin/MWFnOC3Ajrg2QuXzM/ geetanjaliconstructions.com/gallery_js/j0au/ geetbuilders.com/Fox-C404/696210_98/ globaltravelsupply.lt/wp-content/965146888536432/ gorajautomation.com/Fox-C404/0Yu4rviR3soc4brPraTpbjS/ graphicsbox.xyz/wp-admin/2DwIO6Ftdj18HM5HQvY2vY8H/ greedyparrot.in/ot4m/nb5o6XYmtTp1UM/ groverelectronics.com/gg6whli/PLLULWLhssdrHryZq6kMwlrGO/ gzesa.net/wp-includes/ID3/ gzndfit.com/520/783723_87/ harshdeeppackersmovers.com/Fox-C404/757068_8033064/ hindimedia.in/wp-content/uploads/ hoianorganic.com.vn/application/219509BAIGPVI_72741909/ hostfeeling.com/wp-admin/DidtoZk2EEc7BWXyhh/ hot.valuemark.co.kr/-/3Fd5rT2IPnPGtpcb8icrmA0GuG7uC/ hotelamerpalace.com/shbq7c5/PyIZQF/ hotelimperialsabre.in/Fox-C404/icdmlKbu19korKtn7Pm1n/ huanuco.apiperu.net.pe/assets/4KJDtTV80LvZ/ huanuco.apiperu.net.pe/assets/54291128YDZOBQG_2259/ hydropneumaticsengg.in/wng0mn/KZLX_51984960/ ica.apiperu.net.pe/assets/685_954/ icsesmedya.com/wp-content/k9ExQlAn/ id-tiara.com/ulcdx/573JLRPNWOJNL_45439/ id-tiara.com/well-known/hbPI8/ imuba.metodista.org.br/b/fBY0JW2ecXebkSHJ5uOUW83BwLE41h/ is-webs.com/assets/25XvohagUPT7Bl/ ishaanbuilders.com/Fox-C404/920-1417425/ iwannago.dev.bizapps.sg/axedi/gtlf2pXOavEAOR/ jointoperations2.com/wo1y/8Lyk9cFBTXThS1MAIpqc/ journeypropertysolutions.com/cterq/KeG/ junin.apiperu.net.pe/assets/4281391_0/ jwellery.fameitc.com/wp-includes/wQK7z9cEcwWCUG/ jzclcj.com/wp-admin/P/ kanhafuncity.com/Fox-C404/iKiX9w2MLkrGpgzORQMw42NyOKkg/ kanudata.co.id/phpmyadmin/W65YRbYD6qbjnb6b6dQBn7Ob/ khustle.com/cgi-bin/jz381CkM5gYgMH/ kiaraskinclinic.in/Fox-C404/n384OzWdFmh7fhtKsBQtwxb/ kimjikuk.luxeone.cn/app/77P/ kleenskinstudio.com/wp-admin/0XCIyatvv2fEO60/ kleenskinstudio.com/wp-admin/gbzInh4is4/ lalibertad.apiperu.net.pe/assets/25308472603405/ lambayeque.apiperu.net.pe/assets/2823-85860/ leadrise.co/Fox-C/cHQyqqLXP/ leadrise.co/wp-includes/687669079_7470366/ lencentr.ru/css/TQDy95IkYBzGlyS/ liladevelopers.in/js/qTt4eaAvhkiJatRiVyuLfQHCJjv/ logomastery.com/quiadolorem/JcVx_2895/ loreto.apiperu.net.pe/assets/C3ppTh8jUD735Hs/ lpm.fk.ub.ac.id/Fox-C/UAjVAqGlQ2q1AMgu/ lpm.fk.ub.ac.id/Fox-C/pZMP/ luxuryamir.com/ry8e7l/hmD_67/ madrededios.apiperu.net.pe/assets/PqzacGq9So/ magento23.aftershipdemo.com/wp-content/srTR05DcUtWQlQ2oKWc/ mahaalaxmi.com/qtnvsd/M0El2dMFwwYdE35w/ mail.shahnazsiddiqa.com/wp-admin/ZGNOqgXX6l/ mangaloresoundandlights.com/stage-lighting-frontend/qmDjYcDpzeR0Z/ medfited.org/wp-admin/U4O2u0vFjZfD9g0wxu/ meicoe.com/wp-admin/jQ5K/ meigue.com/wp-admin/1215600SMVYHIPQ_8765467/ mendesauditoria.com.br/b/820375880-368251/ mex035.com/8/nkHeia_6/ miturugi.main.jp/wp-includes/v3uNd45II43Jd4qsucjS/ mmctextiles.com/8obf4yy7/wKzlby4uF6a/ moneymagnetentertainment.com/pz66t8y/Bd0sR0htA8mHibNJrk/ monorailegypt.com/wp-admin/65879-18/ moon-machinery.com/content/n6yNz/ moquegua.apiperu.net.pe/2clo/oQQQbv9gqXzQMAjIU5ZP1UsCFrFG/ multimaticsnigeria.com.ng/-/1VzCkMJDcptWi9/ multimaticsnigeria.com.ng/-/DFqzS-047805/ myartopus.com/rv5r/ul_87504855/ myflashnet.id/cgi-bin/964104765/ myshoppee.com/Fox-C404/UnJC7Wa7MtDCt/ nameyq.ltd/wp-includes/O6T4F0h7ZH76B8/ newalthyplane.com.althyplane.com/dmcbg7s/X4bbl6/ omegavisual.softuvo.xyz/wp-includes/oJcqfbt4k/ onebet.co.ug/wp-content/MIY0/ ordereasy.hk/error/jzFDH4/ orientbuffet.eu/administrator/9WZ/ otium.cv.opentecsuporte.com/cache/UE-4209701/ padhehindime.com/wp-admin/OXPuzZwlE1bd0/ padsea.cn/unmisgivingly/KTkHkPn3LgXEThsfz5NlggvdLnm/ paraslifestyles.com/Fox-C404/G2tVXgQ/ partnersingrime.webguysdemo.co.uk/lbsbwm9/59261762921656/ pasionportufuturo.pe/wp-content/k-2683324/ pelangi.kim.banjarbarukota.go.id/cgi-bin/CSoKTKMhM7ykoH9NaGmDN62Y5D/ peterpolz.to-create.eu/ahzh7o/ycPb764/ philiatek.com/wp-content/i6xZ9PESl4QAWL9O/ pinnaclehomesusa.net/870xg9/pNp3a1iHCKaZwYEV/ pozhadvokat.com/images/QmZXA9kRUU8xZZF/ ppdbsma.insanrabbany.sch.id/gkvvb/sXVYo8HsPSFQh/ ppdbsmp.insanrabbany.sch.id/assets/eofgaHjWVR9o/ prestashop02.aftershipdemo.com/tools/97337005-53900344/ prod1.saffyr.com/Fox-C404/X/ prod2.saffyr.com/Fox-C404/CDQLYAeSg9Jljt9KFITZmGIYy8p/ prod5.saffyr.com/Fox-C404/WVEA_5134829/ puno.apiperu.net.pe/assets/y0ls0iATNeUQnze8mB2iNN6/ qingtianxcx.top/wp-admin/0aJby7Naal/ queenofluv.com/uemsub/peLSdHCvfhkge/ rajanraz.in/cd8zman/IdyeTFbMHK/ realthadin.net/mail.realthadin.net/3eBmlximmBRL8weEHAAakk8pcommcW/ remedy.eventmasti.com/vendor/Y2XclYoCdDzSSua/ reservegarden.com/wp-content/NFmvutcfH2e/ rovews.com/wp-admin/910324_905/ royallifeagroindia.com/Fox-C/7H/ royallifeagroindia.com/ajax/X56zzJNk/ russian-coins.info/libraries/8oDzr/ salamrejo-selopampang.temanggungkab.go.id/assets/fRKKEQ1fahWTZVebhLirgZTVz/ sanmartin.apiperu.net.pe/assets/80038-36409194/ seaboardpark.com/designthemesq/Um2OvSdjAor/ sekolahfundraising.pirac.org/unsun/uCEjCXKQkpnD3NOA/ serwer2006056.home.pl/u3ov/DIwNq5j2uSoA7Mp/ shahnazsiddiqa.com/wp-admin/V_6/ shankarfoodconsultant.com/Fox-C/OQNPZNgv1/ sheenhosting.com/OneDrive/knwgPOUZbOi4/ shrikrishana.com/b/IeuULjJZ9bA9Nx5Hw7o0lvzMoD/ shriramcarehospital.in/uploads/x78ylzb2hc009kZ/ sigmalabssvg.com/b/GNP/ silentunevents.com/br7h/TLUjR11DhgrTRvAPuilN/ simproce.com/731u/PC_874195037/ site.aau.edu.et/pigeonholer/9/ softstructures.net/-/54343_4592410/ softuvo.softuvo.xyz/wp-includes/v_3296761/ soomaal.softuvo.xyz/wp-includes/lttxc-90473/ springwoodminingservices.com/wp-admin/css/ ss100feet.com/b/t681UHJz/ stchurch.tw/05p6bn/f7a15g1p/ superconstruction.in/backup/87817825_032/ te.pppleohhh.xyz/test/602921829358/ thewritingmachinecompany.com/Browallia/eQJ8wRZ9uorbfNaPkCtd/ thoatvidiademhoaan.com/b/339274-4519466/ tranhgohoangthiet.com/Fox-C/baNobAm4k/ tsuiterublog.com/-/l9YnV47ha/ tulsiprasad.com.np/wp-content/Kfk0thLgiKAAts9rXnuc0RUQE/ tumbes.apiperu.net.pe/assets/TXQEAUBMidPZ/ txingame.com/wp-content/783990910_42557/ v-realty.ae/wp-content/JsV9XKZJ5HyDtF6Kl20/ voyager.softuvo.xyz/css/027802_19491/ webaseen.bizdesign.org.il/0plrp/8527_13009/ webtuc.com/nkxmumv/45743094_88559759/ wonokerso-pringsurat.temanggungkab.go.id/assets/sAAo8a/ wordpress02.aftershipdemo.com/dwo2/Biiu7vVWCeH0JJHy7WWsdiZKKtWLX/ wordpress02.aftershipdemo.com/dwo2/o99j2dXfRdd/ wordpress05.aftershipdemo.com/w4gfdi/mGgE87/ wordpress08.aftershipdemo.com/yqlo/H6bEHTcVY0/ wordpress08.aftershipdemo.com/yqlo/TGwxAKnq95Mt0Cfy2TfCI/ wordpress10.aftershipdemo.com/vbvqj/J_347/ wordpress11.aftershipdemo.com/wordpress/C3zK3UjSC7s7xyrM8j8YMdS/ wordpress12.aftershipdemo.com/wordpress/0883248-60/ wordpress14.aftershipdemo.com/wordpress/7237_390/ wordpress15.aftershipdemo.com/wordpress/fGmhYvSkc8uJu/ xn--12cmbj7eucdlsj9icqc9ombzhzc.com/wp-includes/Qg8e85/ xn--72cg7aqv0asf6bd3ec3rla.com/epistemic/YTXM7fKa7dZWSvV/ yjhgov.work/images/4YhKPqWeoAo2sakyrR5BR43/ znzhou.top/wp-admin/5384_0163087/ znzhou.top /-/1VzCkMJDcptWi9/ /-/3Fd5rT2IPnPGtpcb8icrmA0GuG7uC/ /-/54343_4592410/ /-/DFqzS-047805/ /-/M_00/ /-/T3owojW5fwBduO6K/ /-/l9YnV47ha/ /-/t9QkwV/ /05p6bn/f7a15g1p/ /0av60391igppygl/1z1X71JLLaFEVLixpoa0VPHWT/ /0plrp/8527_13009/ /0rjb/AbwjpKtyXuT6hg3Qmws03SWB/ /1dgdm/942YLPAEMF-1800/ /1nshiol/iLIrpGeSGV/ /2clo/oQQQbv9gqXzQMAjIU5ZP1UsCFrFG/ /3bu04/JZ82197190/ /3kyd3/5t7USfWBs/ /520/783723_87/ /60bv5/RG9Kb1qRlQ/ /731u/PC_874195037/ /8/nkHeia_6/ /83wg6z/oUCHXJmm/ /870xg9/pNp3a1iHCKaZwYEV/ /8obf4yy7/wKzlby4uF6a/ /95p3tu4h/5590702_1274/ /Browallia/eQJ8wRZ9uorbfNaPkCtd/ /ComsatNet/ydx_7693371/ /Fox-C/7H/ /Fox-C/LxAhgyO3fMg/ /Fox-C/OQNPZNgv1/ /Fox-C/UAjVAqGlQ2q1AMgu/ /Fox-C/baNobAm4k/ /Fox-C/cHQyqqLXP/ /Fox-C/pZMP/ /Fox-C/r32O7xxv/ /Fox-C404/0Yu4rviR3soc4brPraTpbjS/ /Fox-C404/5SeLz/ /Fox-C404/696210_98/ /Fox-C404/757068_8033064/ /Fox-C404/7l4siIWb771k0pTG/ /Fox-C404/920-1417425/ /Fox-C404/CDQLYAeSg9Jljt9KFITZmGIYy8p/ /Fox-C404/G2tVXgQ/ /Fox-C404/UnJC7Wa7MtDCt/ /Fox-C404/WVEA_5134829/ /Fox-C404/X/ /Fox-C404/iKiX9w2MLkrGpgzORQMw42NyOKkg/ /Fox-C404/icdmlKbu19korKtn7Pm1n/ /Fox-C404/j3Ct9hkL8ab384G4iyTeVFsA/ /Fox-C404/n384OzWdFmh7fhtKsBQtwxb/ /OneDrive/knwgPOUZbOi4/ /WDISOFTWARE.COM/82298/ /admin/Z6RV47bMBr/ /administrator/9WZ/ /ahzh7o/ycPb764/ /ajax/X56zzJNk/ /anklet/WQG1/ /app/77P/ /application/219509BAIGPVI_72741909/ /application/Ai4/ /assets/25308472603405/ /assets/25XvohagUPT7Bl/ /assets/2823-85860/ /assets/4281391_0/ /assets/491521837-543255/ /assets/4KJDtTV80LvZ/ /assets/4ufnr0wnClgtuYlRqhldS/ /assets/54291128YDZOBQG_2259/ /assets/674489-72871/ /assets/685_954/ /assets/80038-36409194/ /assets/C3ppTh8jUD735Hs/ /assets/PqzacGq9So/ /assets/TXQEAUBMidPZ/ /assets/V0QSHDCqgff5BGjWjkjqF/ /assets/eofgaHjWVR9o/ /assets/fRKKEQ1fahWTZVebhLirgZTVz/ /assets/gWVDvw94/ /assets/qrwbWpSM/ /assets/sAAo8a/ /assets/y0ls0iATNeUQnze8mB2iNN6/ /axedi/gtlf2pXOavEAOR/ /b/339274-4519466/ /b/7948QcbkoEsvWXw20/ /b/820375880-368251/ /b/GNP/ /b/IeuULjJZ9bA9Nx5Hw7o0lvzMoD/ /b/SOcGvzIi31HDg/ /b/dNXOaOWeWFUSgPTAGgnfWqHbWSsLHL/ /b/fBY0JW2ecXebkSHJ5uOUW83BwLE41h/ /b/t681UHJz/ /backup/87817825_032/ /backup_1/R73800878/ /br7h/TLUjR11DhgrTRvAPuilN/ /cache/UE-4209701/ /cambridge-business.com/Qm/ /cd8zman/IdyeTFbMHK/ /cgi-bin/3eseeNZ/ /cgi-bin/964104765/ /cgi-bin/CSoKTKMhM7ykoH9NaGmDN62Y5D/ /cgi-bin/jz381CkM5gYgMH/ /cgi-bin/sXvte2203SpdPZ/ /content/5wR/ /content/n6yNz/ /css/027802_19491/ /css/TQDy95IkYBzGlyS/ /cterq/KeG/ /d5759pd/yzbV45v1nY/ /designthemesq/Um2OvSdjAor/ /dmcbg7s/X4bbl6/ /dup-installer/3vESrkJAS97l/ /dwo2/Biiu7vVWCeH0JJHy7WWsdiZKKtWLX/ /dwo2/o99j2dXfRdd/ /e.zpesport.com/VEC-5303/ /eapn/lpN6dcAppn/ /eh6bwxk/bowptl/ /epistemic/YTXM7fKa7dZWSvV/ /error/jzFDH4/ /fmzm/OOZFzi2sR/ /gallery_js/j0au/ /gg6whli/PLLULWLhssdrHryZq6kMwlrGO/ /gkvvb/sXVYo8HsPSFQh/ /hijy/WYHGC31/ /hs8p/900YXVA7951631/ /i4x38z/0eH5CC82TXFnK/ /i870/DyzzViAvZ1k4Djhfp0fSs6XDz/ /images/4YhKPqWeoAo2sakyrR5BR43/ /images/QmZXA9kRUU8xZZF/ /images/jTDdjmag0X6cnUOZ5VUb/ /inflatable/rg2UWzOeIfuJoYYdVeTOSQ84ki/ /itdb/vC0S9E4XvEsWOUzHKBN3f0Oa/ /js/qTt4eaAvhkiJatRiVyuLfQHCJjv/ /l35uhr/R1evmjjhga/ /layouts/J_807/ /lbsbwm9/59261762921656/ /libraries/8oDzr/ /lp/HyMifM/ /mail.realthadin.net/3eBmlximmBRL8weEHAAakk8pcommcW/ /msuvpkl/9qWc9TvYVwZ8XMRII3nEXYt0vzfj/ /nkxmumv/45743094_88559759/ /nw1t8jj/NUrSuFyX6P/ /ot4m/nb5o6XYmtTp1UM/ /p8wl/ZQIX_635174/ /packages/fJFU3vLxRUrtA/ /phpmyadmin/W65YRbYD6qbjnb6b6dQBn7Ob/ /pigeonholer/9/ /pz66t8y/Bd0sR0htA8mHibNJrk/ /qjxnz/wkpfvi9/ /qtnvsd/M0El2dMFwwYdE35w/ /quiadolorem/JcVx_2895/ /rbud/OarPTbpwW/ /rv5r/ul_87504855/ /ry8e7l/hmD_67/ /s1hf7qm/TqcrwYcOiqV8fWA/ /shbq7c5/PyIZQF/ /siteantigo/gYDoYUIWNgc8kTHDRY7dXlFjah3/ /stage-lighting-frontend/qmDjYcDpzeR0Z/ /temp/kWqpQne3uZc6n/ /test/602921829358/ /tmw8t/Szjjcj5mU1ZA/ /tools/97337005-53900344/ /u3ov/DIwNq5j2uSoA7Mp/ /uemsub/peLSdHCvfhkge/ /uignbip/YLTZ-82812903/ /ulcdx/573JLRPNWOJNL_45439/ /unmisgivingly/KTkHkPn3LgXEThsfz5NlggvdLnm/ /unsun/uCEjCXKQkpnD3NOA/ /uploads/x78ylzb2hc009kZ/ /vbvqj/J_347/ /vendor/Y2XclYoCdDzSSua/ /w4gfdi/mGgE87/ /well-known/FUk/ /well-known/hbPI8/ /wng0mn/KZLX_51984960/ /wo1y/8Lyk9cFBTXThS1MAIpqc/ /wordpress/0883248-60/ /wordpress/5T74ZZzUhvWy4s3P5IrrWc/ /wordpress/7237_390/ /wordpress/C3zK3UjSC7s7xyrM8j8YMdS/ /wordpress/fGmhYvSkc8uJu/ /wp-admin/0XCIyatvv2fEO60/ /wp-admin/0aJby7Naal/ /wp-admin/1215600SMVYHIPQ_8765467/ /wp-admin/2DwIO6Ftdj18HM5HQvY2vY8H/ /wp-admin/5384_0163087/ /wp-admin/65879-18/ /wp-admin/910324_905/ /wp-admin/DidtoZk2EEc7BWXyhh/ /wp-admin/ELWa8YcOqlJn/ /wp-admin/MWFnOC3Ajrg2QuXzM/ /wp-admin/OXPuzZwlE1bd0/ /wp-admin/P/ /wp-admin/SLo9dXmfhIXYnKktAQeK/ /wp-admin/ThBwKpUbIffmrepRg/ /wp-admin/U4O2u0vFjZfD9g0wxu/ /wp-admin/V_6/ /wp-admin/ZGNOqgXX6l/ /wp-admin/gbzInh4is4/ /wp-admin/jQ5K/ /wp-admin/k-8744534/ /wp-admin/qj0lJaZOOsjYA2l/ /wp-admin/user/ /wp-admin/z464/ /wp-content/2dmXYgLVdkV/ /wp-content/783990910_42557/ /wp-content/965146888536432/ /wp-content/Ef/ /wp-content/HXN_79786/ /wp-content/JsV9XKZJ5HyDtF6Kl20/ /wp-content/Kfk0thLgiKAAts9rXnuc0RUQE/ /wp-content/MIY0/ /wp-content/NFmvutcfH2e/ /wp-content/R1U2sJfwWdrdUjB/ /wp-content/U8fhXoOvlBA/ /wp-content/Y_4901983/ /wp-content/YhNgI/ /wp-content/aTIYB3QYHZt/ /wp-content/cwozYw9/ /wp-content/hwPhjzWAObGEmQeJcdTXei/ /wp-content/i6xZ9PESl4QAWL9O/ /wp-content/k-2683324/ /wp-content/k9ExQlAn/ /wp-content/srTR05DcUtWQlQ2oKWc/ /wp-includes/362-0857084/ /wp-includes/687669079_7470366/ /wp-includes/BkJEMQZWgRGc2DCFcsCRt/ /wp-includes/BtgIhhz766h/ /wp-includes/ID3/ /wp-includes/JNeOtB9da67l1NjAeEh5/ /wp-includes/O6T4F0h7ZH76B8/ /wp-includes/Qg8e85/ /wp-includes/aoItn4LAZOeLFrFLe3oTe6D/ /wp-includes/dal5pzmAyo6zx2lRk1sdTGZOnJwED/ /wp-includes/lttxc-90473/ /wp-includes/oJcqfbt4k/ /wp-includes/ooxopS2V9FUS/ /wp-includes/v3uNd45II43Jd4qsucjS/ /wp-includes/v_3296761/ /wp-includes/wQK7z9cEcwWCUG/ /wrydht5j/XpCeIk5IBAjrssqMVR/ /yqlo/H6bEHTcVY0/ /yqlo/TGwxAKnq95Mt0Cfy2TfCI/ /zegsgpzq/CT75/ /027802_19491/ /0883248-60/ /0XCIyatvv2fEO60/ /0Yu4rviR3soc4brPraTpbjS/ /0aJby7Naal/ /0eH5CC82TXFnK/ /1215600SMVYHIPQ_8765467/ /1VzCkMJDcptWi9/ /1z1X71JLLaFEVLixpoa0VPHWT/ /219509BAIGPVI_72741909/ /25308472603405/ /25XvohagUPT7Bl/ /2823-85860/ /2DwIO6Ftdj18HM5HQvY2vY8H/ /2dmXYgLVdkV/ /339274-4519466/ /362-0857084/ /3Fd5rT2IPnPGtpcb8icrmA0GuG7uC/ /3eBmlximmBRL8weEHAAakk8pcommcW/ /3eseeNZ/ /3vESrkJAS97l/ /4281391_0/ /45743094_88559759/ /491521837-543255/ /4KJDtTV80LvZ/ /4YhKPqWeoAo2sakyrR5BR43/ /4ufnr0wnClgtuYlRqhldS/ /5384_0163087/ /54291128YDZOBQG_2259/ /54343_4592410/ /5590702_1274/ /573JLRPNWOJNL_45439/ /59261762921656/ /5SeLz/ /5T74ZZzUhvWy4s3P5IrrWc/ /5t7USfWBs/ /602921829358/ /65879-18/ /674489-72871/ /685_954/ /687669079_7470366/ /696210_98/ /7237_390/ /757068_8033064/ /783723_87/ /783990910_42557/ /7948QcbkoEsvWXw20/ /7l4siIWb771k0pTG/ /80038-36409194/ /820375880-368251/ /8527_13009/ /87817825_032/ /8Lyk9cFBTXThS1MAIpqc/ /8oDzr/ /900YXVA7951631/ /910324_905/ /920-1417425/ /942YLPAEMF-1800/ /964104765/ /965146888536432/ /97337005-53900344/ /9qWc9TvYVwZ8XMRII3nEXYt0vzfj/ /AbwjpKtyXuT6hg3Qmws03SWB/ /Bd0sR0htA8mHibNJrk/ /Biiu7vVWCeH0JJHy7WWsdiZKKtWLX/ /BkJEMQZWgRGc2DCFcsCRt/ /BtgIhhz766h/ /C3ppTh8jUD735Hs/ /C3zK3UjSC7s7xyrM8j8YMdS/ /CDQLYAeSg9Jljt9KFITZmGIYy8p/ /CSoKTKMhM7ykoH9NaGmDN62Y5D/ /DFqzS-047805/ /DIwNq5j2uSoA7Mp/ /DidtoZk2EEc7BWXyhh/ /DyzzViAvZ1k4Djhfp0fSs6XDz/ /ELWa8YcOqlJn/ /G2tVXgQ/ /H6bEHTcVY0/ /HXN_79786/ /HyMifM/ /IdyeTFbMHK/ /IeuULjJZ9bA9Nx5Hw7o0lvzMoD/ /JNeOtB9da67l1NjAeEh5/ /JZ82197190/ /JcVx_2895/ /JsV9XKZJ5HyDtF6Kl20/ /KTkHkPn3LgXEThsfz5NlggvdLnm/ /KZLX_51984960/ /Kfk0thLgiKAAts9rXnuc0RUQE/ /LxAhgyO3fMg/ /M0El2dMFwwYdE35w/ /MWFnOC3Ajrg2QuXzM/ /NFmvutcfH2e/ /NUrSuFyX6P/ /O6T4F0h7ZH76B8/ /OOZFzi2sR/ /OQNPZNgv1/ /OXPuzZwlE1bd0/ /OarPTbpwW/ /PC_874195037/ /PLLULWLhssdrHryZq6kMwlrGO/ /PqzacGq9So/ /PyIZQF/ /Qg8e85/ /QmZXA9kRUU8xZZF/ /R1U2sJfwWdrdUjB/ /R1evmjjhga/ /R73800878/ /RG9Kb1qRlQ/ /SLo9dXmfhIXYnKktAQeK/ /SOcGvzIi31HDg/ /Szjjcj5mU1ZA/ /T3owojW5fwBduO6K/ /TGwxAKnq95Mt0Cfy2TfCI/ /TLUjR11DhgrTRvAPuilN/ /TQDy95IkYBzGlyS/ /TXQEAUBMidPZ/ /ThBwKpUbIffmrepRg/ /TqcrwYcOiqV8fWA/ /U4O2u0vFjZfD9g0wxu/ /U8fhXoOvlBA/ /UAjVAqGlQ2q1AMgu/ /UE-4209701/ /Um2OvSdjAor/ /UnJC7Wa7MtDCt/ /V0QSHDCqgff5BGjWjkjqF/ /VEC-5303/ /W65YRbYD6qbjnb6b6dQBn7Ob/ /WVEA_5134829/ /WYHGC31/ /X4bbl6/ /X56zzJNk/ /XpCeIk5IBAjrssqMVR/ /Y2XclYoCdDzSSua/ /YLTZ-82812903/ /YTXM7fKa7dZWSvV/ /Y_4901983/ /YhNgI/ /Z6RV47bMBr/ /ZGNOqgXX6l/ /ZQIX_635174/ /aTIYB3QYHZt/ /aoItn4LAZOeLFrFLe3oTe6D/ /baNobAm4k/ /bowptl/ /cHQyqqLXP/ /cwozYw9/ /dNXOaOWeWFUSgPTAGgnfWqHbWSsLHL/ /dal5pzmAyo6zx2lRk1sdTGZOnJwED/ /eQJ8wRZ9uorbfNaPkCtd/ /eofgaHjWVR9o/ /f7a15g1p/ /fBY0JW2ecXebkSHJ5uOUW83BwLE41h/ /fGmhYvSkc8uJu/ /fJFU3vLxRUrtA/ /fRKKEQ1fahWTZVebhLirgZTVz/ /gWVDvw94/ /gYDoYUIWNgc8kTHDRY7dXlFjah3/ /gbzInh4is4/ /gtlf2pXOavEAOR/ /hbPI8/ /hmD_67/ /hwPhjzWAObGEmQeJcdTXei/ /i6xZ9PESl4QAWL9O/ /iKiX9w2MLkrGpgzORQMw42NyOKkg/ /iLIrpGeSGV/ /icdmlKbu19korKtn7Pm1n/ /j3Ct9hkL8ab384G4iyTeVFsA/ /jTDdjmag0X6cnUOZ5VUb/ /jz381CkM5gYgMH/ /jzFDH4/ /k-2683324/ /k-8744534/ /k9ExQlAn/ /kWqpQne3uZc6n/ /knwgPOUZbOi4/ /l9YnV47ha/ /lpN6dcAppn/ /lttxc-90473/ /mGgE87/ /n384OzWdFmh7fhtKsBQtwxb/ /n6yNz/ /nb5o6XYmtTp1UM/ /nkHeia_6/ /o99j2dXfRdd/ /oJcqfbt4k/ /oQQQbv9gqXzQMAjIU5ZP1UsCFrFG/ /oUCHXJmm/ /ooxopS2V9FUS/ /pNp3a1iHCKaZwYEV/ /peLSdHCvfhkge/ /qTt4eaAvhkiJatRiVyuLfQHCJjv/ /qj0lJaZOOsjYA2l/ /qmDjYcDpzeR0Z/ /qrwbWpSM/ /r32O7xxv/ /rg2UWzOeIfuJoYYdVeTOSQ84ki/ /sAAo8a/ /sXVYo8HsPSFQh/ /sXvte2203SpdPZ/ /srTR05DcUtWQlQ2oKWc/ /t681UHJz/ /t9QkwV/ /uCEjCXKQkpnD3NOA/ /ul_87504855/ /v3uNd45II43Jd4qsucjS/ /vC0S9E4XvEsWOUzHKBN3f0Oa/ /v_3296761/ /wKzlby4uF6a/ /wQK7z9cEcwWCUG/ /wkpfvi9/ /x78ylzb2hc009kZ/ /y0ls0iATNeUQnze8mB2iNN6/ /ycPb764/ /ydx_7693371/ /yzbV45v1nY/ # Reference: https://app.any.run/tasks/7f1c823b-35d9-451e-908e-a41d1712b018/ 159.69.43.124:8080 sesco-ks.com/wp-content/0Uuf/ /wp-content/0Uuf/ # Reference: https://tria.ge/220126-z84zzsbac6 118.98.72.86:443 194.9.172.107:8080 45.13.132.26:8080 45.79.80.198:443 # Reference: https://pastebin.com/wWRdjKkW accessunited-bank.com/admin/hzIgVwq8btak/ actividades.laforetlanguages.com/wp-admin/IU833uv/ allaagency.ro/wp-admin/7/ anse-audition.com/dup-installer/1taimP6/ artanddesign.one/wp-content/uploads/A2cZL7/ autodiscover.karlamejia.com/wp-admin/hcdnVlRIiwvTVrJjJEE/ autostrach.com/wp-includes/LQaU36okE8/ b-lubisi-motivational-speaker.com/wp-admin/rviEsA/ barriemckay.com/wp-admin/yuF2aHG/ chochungcuhanoi.com/wp-content/cyE2u0cnolP/ connecticutsfinestmovers.com/Fox-C/mVwOqxT17gVWaE8E/ crmweb.info:443/bitrix/rc9XjtwF/ dev.learncaraudio.com/wp-admin/kVDBxJnZzE9UPEz/ dragontranscriptions.com/wp-admin/kvzgg3SXC1/ dulichkhampha24.net/wp-content/znJjEhVUupBTTtt8/ e-drive.hr/wp-snapshots/fY/ eleccom.shop:443/services/AEjSDj/ elenaghisellini.com/videos/PIz1/ falah.org.pk/vegasvulkan1000.falah.org.pk/ZBRx4QuUXfLH/ getcode.info/wp-content/QDx8b5j/ hotelamerpalace.com/Fox-C404/LEPqPJpt4Gbr8BHAn/ huyndai-namdinh.com/wp-content/QQiYwNcaegg/ icfacn.com/runtime/n7qA2YStudp/ izocab.com/nashi-klienty/B5SC/ koperasipengayoman.co.id/download/mI1WG4YscwjwpTi5/ krezol-group.com:443/images/PmLGLKYeCBs5d/ ledcaopingdeng.com/wp-includes/Qq39yj7fpvk/ masboni.com/wp-admin/3zUQl/ midweststructure.com/wp-includes/pg8AaWRbnH3MffrNRMv/ montenegroinvesting.com/wp-admin/d5KRp8e1bUR20vICZ3p/ nomanatif.net/wp-includes/u1kbP/ osiris-cheats.net/wp-admin/pCwOGd7/ palankhir.hu/tools/GJRNhZHz/ pigij.com/wp-admin/MVW5/ pmfstukm.com/wp-admin/02Bmdv/ saarchitectsbd.com/wp-admin/tWzH87/ seotop1google.net/css/0TcmSq/ sesco-ks.com/wp-content/0Uuf/ sexescortsdubai.com/maintenance/jx4Ba/ sneakadream.com/wp-content/pccmAOq/ spraysafenorth.co.za/u0dvih/6/ starspeedng.com/One-File/U3Trml/ strawberry.kids-singer.net/assets_c/WAdvNT84Dmu/ tanquessepticos.com/wp-admin/ApVVbl1fQ0/ tattooblog.cn/wp-includes/KJLv/ umanostudio.com/wp-admin/n1LG7aJnptBlQkC/ unifiedpharma.com/wp-content/5arxM/ vegasvulkan1000.falah.org.pk/ZBRx4QuUXfLH/ weddingbandsirelandjbk.com/hgsynt2/o/ wlmconcept.com/cgi-bin/9tl5Twe4suaxBKaKB/ yeald.finance/wp-admin/1WgPRm/ /Fox-C/mVwOqxT17gVWaE8E/ /Fox-C404/LEPqPJpt4Gbr8BHAn/ /One-File/U3Trml/ /admin/hzIgVwq8btak/ /assets_c/WAdvNT84Dmu/ /bitrix/rc9XjtwF/ /cgi-bin/9tl5Twe4suaxBKaKB/ /css/0TcmSq/ /download/mI1WG4YscwjwpTi5/ /dup-installer/1taimP6/ /hgsynt2/o/ /images/PmLGLKYeCBs5d/ /maintenance/jx4Ba/ /nashi-klienty/B5SC/ /runtime/n7qA2YStudp/ /services/AEjSDj/ /tools/GJRNhZHz/ /u0dvih/6/ /vegasvulkan1000.falah.org.pk/ZBRx4QuUXfLH/ /wp-admin/02Bmdv/ /wp-admin/1WgPRm/ /wp-admin/3zUQl/ /wp-admin/ApVVbl1fQ0/ /wp-admin/IU833uv/ /wp-admin/MVW5/ /wp-admin/d5KRp8e1bUR20vICZ3p/ /wp-admin/hcdnVlRIiwvTVrJjJEE/ /wp-admin/kVDBxJnZzE9UPEz/ /wp-admin/kvzgg3SXC1/ /wp-admin/n1LG7aJnptBlQkC/ /wp-admin/pCwOGd7/ /wp-admin/rviEsA/ /wp-admin/tWzH87/ /wp-admin/yuF2aHG/ /wp-content/0Uuf/ /wp-content/5arxM/ /wp-content/QDx8b5j/ /wp-content/QQiYwNcaegg/ /wp-content/cyE2u0cnolP/ /wp-content/pccmAOq/ /wp-content/znJjEhVUupBTTtt8/ /wp-includes/KJLv/ /wp-includes/LQaU36okE8/ /wp-includes/Qq39yj7fpvk/ /wp-includes/pg8AaWRbnH3MffrNRMv/ /wp-includes/u1kbP/ /wp-snapshots/fY/ /wp-content/uploads/A2cZL7/ vegasvulkan1000.falah.org.pk # Reference: https://twitter.com/JAMESWT_MHT/status/1486637826997460992 jeffreylubin.igclout.com/wp-admin/vzOG/ kuyporn.com/wp-content/XSs5/ /wp-admin/vzOG/ /wp-content/XSs5/ # Reference: https://twitter.com/pr0xylife/status/1486727054582190080 store.anicyber.com/wp-content/upgrade/UJIYTq/ /wp-content/upgrade/UJIYTq/ /upgrade/UJIYTq/ # Reference: https://twitter.com/Max_Mal_/status/1486806808735924233 128.199.93.156:8080 # Reference: https://twitter.com/bomccss/status/1486976898903470080 http://91.240.118.172 # Reference: https://twitter.com/MarceloRivero/status/1465860745862778882 104.245.52.73:8080 # Reference: https://twitter.com/pr0xylife/status/1487003796983193600 hostfeeling.com/wp-admin/4XsjtOT7cFHvBV3HZ/ hostfeeling.com /wp-admin/4XsjtOT7cFHvBV3HZ/ /4XsjtOT7cFHvBV3HZ/ # Reference: https://github.com/pr0xylife/Emotet/blob/main/e5_emotet_30.01.2022.txt 103.41.204.169:8080 139.196.72.155:8080 198.199.98.78:8080 74.207.230.120:8080 3-fasen.com/wp-content/3Bl0hBbW/ devbhoomigaushala.org/Getae/Vyo5rrNLAgd0QxXvkv/ ecobaby.pi-dh.com/Serendib/gl1hcef9Y3GSTCDC/ engaz.shop/wp-content/MOllqUm2nb/ imaginariumstore.fun/ncsb/cyGoTYqMmcRwvqdre/ lastregaristorante.com/wp-admin/ffdC7ElM2Bn2/ manchesterheatingservices.youprocontact.com/wp-admin/AiK19uMf/ mypurealsystem.com/App_Start/Rhh8lKO/ oculusvisioncare.com/wp-includes/ZEYDjosbNExFTdu/ onexone.elementor.cloud/cdrxhrt/uVE0uVHOz5E/ tamiladsense.com/wp-includes/BEADvqGgemV8SnTX/ tunbridgeservices.com/jfoeqhxz/zOX0/ vn.minino.com/wp-admin/c3WQa/ /App_Start/Rhh8lKO/ /Getae/Vyo5rrNLAgd0QxXvkv/ /Serendib/gl1hcef9Y3GSTCDC/ /cdrxhrt/uVE0uVHOz5E/ /jfoeqhxz/zOX0/ /ncsb/cyGoTYqMmcRwvqdre/ /wp-admin/AiK19uMf/ /wp-admin/c3WQa/ /wp-admin/ffdC7ElM2Bn2/ /wp-content/3Bl0hBbW/ /wp-content/MOllqUm2nb/ /wp-includes/BEADvqGgemV8SnTX/ /wp-includes/ZEYDjosbNExFTdu/ /3Bl0hBbW/ /AiK19uMf/ /BEADvqGgemV8SnTX/ /MOllqUm2nb/ /Rhh8lKO/ /Vyo5rrNLAgd0QxXvkv/ /ZEYDjosbNExFTdu/ /cyGoTYqMmcRwvqdre/ /ffdC7ElM2Bn2/ /gl1hcef9Y3GSTCDC/ /uVE0uVHOz5E/ # Reference: https://twitter.com/Cryptolaemus1/status/1488208403054968833 http://139.99.89.211/wp-admin/VM1HRb3b0MGGdp/ dev.learncaraudio.com/wp-admin/ZIwWVcNiED4JYqnq/ jeffreylubin.igclout.com/wp-admin/gJ5oDbi/ karensgardentips.com/cgi-bin/w9i3PIVDOJDeF095ST/ lastregaristorante.com/wp-admin/vkXFRVu/ sellin.app/wp-admin/0W4AcWvFkHkV/ tastedonline.com/cgi-bin/14Lg3P2Dt3rqBmaYZO/ /cgi-bin/14Lg3P2Dt3rqBmaYZO/ /cgi-bin/w9i3PIVDOJDeF095ST/ /wp-admin/0W4AcWvFkHkV/ /wp-admin/gJ5oDbi/ /wp-admin/vkXFRVu/ /wp-admin/VM1HRb3b0MGGdp/ /wp-admin/ZIwWVcNiED4JYqnq/ /0W4AcWvFkHkV/ /14Lg3P2Dt3rqBmaYZO/ /gJ5oDbi/ /vkXFRVu/ /VM1HRb3b0MGGdp/ /w9i3PIVDOJDeF095ST/ /ZIwWVcNiED4JYqnq/ # Reference: https://www.virustotal.com/gui/file/0148a97cedfa657b8c58cc8835270173343362a418d702c88507e20dc8210ecb/detection 144.76.186.49:8080 # Reference: https://www.virustotal.com/gui/file/228c467d19d608b5fa59f07189a82557a59af6ebbc2c001892c1e8e500644c6a/detection 128.199.157.63:80 185.46.123.38:80 23.205.118.16:80 47.110.149.223:8080 fr7.anbo5288.cc/-/Q7qLFrKJSlabny0snc/ peterpolz.to-create.eu/cgi-bin/toRO9wV0IQu6/ /-/Q7qLFrKJSlabny0snc/ /cgi-bin/toRO9wV0IQu6/ /Q7qLFrKJSlabny0snc/ /toRO9wV0IQu6/ # Reference: https://twitter.com/tosscoinwitcher/status/1487235154993041414 michaelcrompton.co.uk/wp-admin/G/ weezual.fr/ju9c/twEHJDCvNwGimD/ /ju9c/twEHJDCvNwGimD/ /twEHJDCvNwGimD/ # Reference: https://www.virustotal.com/gui/file/58952b261bb93ebb8ea1d8551ae1e0ad9de39763274ca02ff05b7254bbf60bd9/detection koshishmarketing.com/mo8igygw3uv/t4z68181/ ruanyun123.com/au10/769758/ /mo8igygw3uv/t4z68181/ /mo8igygw3uv/ /t4z68181/ # Reference: https://twitter.com/sugimu_sec/status/1488819822779838465 # Reference: https://twitter.com/sugimu_sec/status/1488819822779838465 103.75.201.4:443 129.232.188.93:443 138.185.72.26:8080 159.8.59.82:8080 159.89.230.105:443 160.16.102.168:80 164.68.99.3:8080 185.157.82.211:8080 200.17.134.35:7080 212.24.98.99:8080 bossblogg.com bossblogg.com/wp-includes/s0f0zg6/ /wp-includes/s0f0zg6/ # Reference: https://twitter.com/abel1ma/status/1488988762591805440 # Reference: https://tria.ge/220202-zxc25abedq actividades.laforetlanguages.com/wp-admin/BlkdOKDXL/ anugerahmasinternasional.co.id/wp-admin/SJbxE5I/ anwaralbasateen.com/Fox-C404/mDHkfgebMRzmGKBy/ arzulens.com/wp-includes/7gySgTg/ atmedic.cl/sistemas/3ZbsUAU/ biz.merlin.ua/wp-admin/W6agtFSRZGt371dV/ bruckevn.site/3yztzzvh/nmY4wZfbYL/ datasits.com/wp-includes/Zkj4QO/ daujimaharajmandir.org/wp-includes/63De/ pardiskood.com/wp-content/NR/ parkinsons.co.in/abc/Y6Y0fTbUEg6/ sbcopylive.com.br/rjuz/w/ trasix.com/wp-admin/y5Aa1jt0Sp2Qk/ /3yztzzvh/nmY4wZfbYL/ /Fox-C404/mDHkfgebMRzmGKBy/ /abc/Y6Y0fTbUEg6/ /sistemas/3ZbsUAU/ /wp-admin/BlkdOKDXL/ /wp-admin/SJbxE5I/ /wp-admin/W6agtFSRZGt371dV/ /wp-admin/y5Aa1jt0Sp2Qk/ /wp-content/NR/ /wp-includes/63De/ /wp-includes/7gySgTg/ /wp-includes/Zkj4QO/ /3yztzzvh/ /3ZbsUAU/ /7gySgTg/ /BlkdOKDXL/ /nmY4wZfbYL/ /SJbxE5I/ /W6agtFSRZGt371dV/ /Y6Y0fTbUEg6/ /mDHkfgebMRzmGKBy/ /y5Aa1jt0Sp2Qk/ # Reference: https://twitter.com/papa_anniekey/status/1489201689609445376 a-bc.cn/img/nhBjlyOAmot/ /img/nhBjlyOAmot/ /nhBjlyOAmot/ # Reference: https://github.com/pr0xylife/Emotet/blob/main/e5_emotet_03.02.2022.txt http://3.130.37.158 172.105.115.71:443 185.184.25.78:8080 54.37.106.167:8080 advancedguerrillamarketing.com/assets/oUD/ aishyana.com/wp-admin/6pY001tdOxYb10/ astronomy24x7.com/wp-content/05ZGtxtrfIxNVb0M/ chupahfashion.com/eh6bwxk/bowptl/xdAiCtVd/ crm.avionxpress.com/media/H4fjpmz/ dirtduel.com/db/v4gdL66Y/ gainc.info/product3_files/PwAGXtbf6tn5r/ https://albbd.online/wp-content/wUw03JZqT3/ https://detroitsignsandwraps.com/wp-admin/bPmzjYidYDLUT/ https://giskunihar.com/wp-content/4meLxvZP/ https://stavki-na-sporte.ru/wp-content/qZ9UqoY2IzXUAqW3/ https://tranhgohoangthiet.com/Fox-C/E9ZETOCG4gWfNONRKWG/ id-tiara.com/well-known/AW7ddGt/ karaah.com/kvxtqec/L8mqXiKjN95uoFOQqDS/ liaisonltd.com/-/wJqOY64M/ mail.gymcoachjose.com/ew9iwl/av20pfJZ44/ mail.terinhumphrey.com/tasty-crab-promo/qBdohcsqomjFk/ mail.themintlist.com/wp-includes/S5xbjWOoM75ysw9xaM/ nccikeja.com/back/lOo46UEiVanm/ orelco.net/wp-admin/5NiO/ sahayoghospitals.com/older/NFPLtNt4M3D1yYt/ stntools.com/js/uhTyC/ /-/wJqOY64M/ /Fox-C/E9ZETOCG4gWfNONRKWG/ /assets/oUD/ /back/lOo46UEiVanm/ /db/v4gdL66Y/ /eh6bwxk/bowptl/ /ew9iwl/av20pfJZ44/ /kvxtqec/L8mqXiKjN95uoFOQqDS/ /media/H4fjpmz/ /older/NFPLtNt4M3D1yYt/ /product3_files/PwAGXtbf6tn5r/ /tasty-crab-promo/qBdohcsqomjFk/ /well-known/AW7ddGt/ /wp-admin/5NiO/ /wp-admin/6pY001tdOxYb10/ /wp-admin/bPmzjYidYDLUT/ /wp-content/05ZGtxtrfIxNVb0M/ /wp-content/4meLxvZP/ /wp-content/qZ9UqoY2IzXUAqW3/ /wp-content/wUw03JZqT3/ /wp-includes/S5xbjWOoM75ysw9xaM/ /05ZGtxtrfIxNVb0M/ /0WGa0yF6b6F3VK5tb/ /0qJRIjxxhZ/ /4meLxvZP/ /6pY001tdOxYb10/ /AW7ddGt/ /E9ZETOCG4gWfNONRKWG/ /EIzEADnvS/ /H4fjpmz/ /L8mqXiKjN95uoFOQqDS/ /NFPLtNt4M3D1yYt/ /PwAGXtbf6tn5r/ /S5xbjWOoM75ysw9xaM/ /UrI6GM87K5u2y2pOW/ /YDjVQgZv/ /a0mJP2Adw5YTHt/ /av20pfJZ44/ /b5xkQkgEFiBmW/ /bPmzjYidYDLUT/ /bowptl/ /kUO7NnkpMp2cs/ /lOo46UEiVanm/ /qBdohcsqomjFk/ /qZ9UqoY2IzXUAqW3/ /uCccWJ/ /v4gdL66Y/ /wJqOY64M/ /wUw03JZqT3/ # Reference: https://github.com/pr0xylife/Emotet/blob/main/e5_emotet_03.02.2022.txt 123breathe.org/error/Drs/ advancedguerrillamarketing.com/assets/oUD/ aishyana.com/wp-admin/6pY001tdOxYb10/ albbd.online/wp-content/wUw03JZqT3/ astronomy24x7.com/wp-content/05ZGtxtrfIxNVb0M/ centrobilinguelospinos.com/wp-admin/EIzEADnvS/ chupahfashion.com/eh6bwxk/bowptl/xdAiCtVd/ crm.avionxpress.com/media/H4fjpmz/ detroitsignsandwraps.com/wp-admin/bPmzjYidYDLUT/ dirtduel.com/db/v4gdL66Y/ docs-construction.com/wp-admin/a0mJP2Adw5YTHt/ gainc.info/product3_files/PwAGXtbf6tn5r/ giskunihar.com/wp-content/4meLxvZP/ greenesqualityflooring.com/error/kUO7NnkpMp2cs/ id-tiara.com/well-known/AW7ddGt/ jeffreylubin.igclout.com/wp-admin/0WGa0yF6b6F3VK5tb/ karaah.com/kvxtqec/L8mqXiKjN95uoFOQqDS/ laohange.com/wp-content/0qJRIjxxhZ/ liaisonltd.com/-/wJqOY64M/ lupus.ktcatl.com/wp-content/uCccWJ/ mail.gymcoachjose.com/ew9iwl/av20pfJZ44/ mail.terinhumphrey.com/tasty-crab-promo/qBdohcsqomjFk/ mail.themintlist.com/wp-includes/S5xbjWOoM75ysw9xaM/ nccikeja.com/back/lOo46UEiVanm/ new.hssus.org/wp-includes/blocks/eKID0QAfLUS/ orelco.net/wp-admin/5NiO/ packersandmoversbangalorecharges.com/cgi-bin/UrI6GM87K5u2y2pOW/ sahayoghospitals.com/older/NFPLtNt4M3D1yYt/ stancewheels.com/wp-admin/b5xkQkgEFiBmW/ stavki-na-sporte.ru/wp-content/qZ9UqoY2IzXUAqW3/ tranhgohoangthiet.com/Fox-C/E9ZETOCG4gWfNONRKWG/ /-/wJqOY64M/ /Fox-C/E9ZETOCG4gWfNONRKWG/ /back/lOo46UEiVanm/ /cgi-bin/UrI6GM87K5u2y2pOW/ /db/v4gdL66Y/ /eh6bwxk/bowptl/ /error/kUO7NnkpMp2cs/ /ew9iwl/av20pfJZ44/ /kvxtqec/L8mqXiKjN95uoFOQqDS/ /media/H4fjpmz/ /older/NFPLtNt4M3D1yYt/ /product3_files/PwAGXtbf6tn5r/ /tasty-crab-promo/qBdohcsqomjFk/ /well-known/AW7ddGt/ /wp-admin/0WGa0yF6b6F3VK5tb/ /wp-admin/5NiO/ /wp-admin/6pY001tdOxYb10/ /wp-admin/EIzEADnvS/ /wp-admin/YDjVQgZv/ /wp-admin/a0mJP2Adw5YTHt/ /wp-admin/b5xkQkgEFiBmW/ /wp-admin/bPmzjYidYDLUT/ /wp-content/05ZGtxtrfIxNVb0M/ /wp-content/0qJRIjxxhZ/ /wp-content/4meLxvZP/ /wp-content/qZ9UqoY2IzXUAqW3/ /wp-content/uCccWJ/ /wp-content/wUw03JZqT3/ /wp-includes/S5xbjWOoM75ysw9xaM/ # Reference: https://twitter.com/pr0xylife/status/1489577555376156674 landorestates.com/wordpress/NELf96wr/ /wordpress/NELf96wr/ /NELf96wr/ # Reference: https://twitter.com/pr0xylife/status/1489675405476995074 adobe.flash.player.xghostma26.com csinoticias.com/wp-includes/RnHjIzg/ /wp-includes/RnHjIzg /RnHjIzg/ # Reference: https://github.com/pr0xylife/Emotet/blob/main/e4_emotet_05.02.2022.txt 119.235.255.201:8080 144.76.186.55:7080 178.128.83.165:80 192.95.56.148:8080 45.79.173.200:443 51.254.140.238:7080 82.165.152.127:8080 asaanweb.com/PHPMailer-master/1MYGpHszzRfHAN4/ bachilleratoporciclos.org/wp-content/zR/ candisee.bminteractivegroup.com/1g94ngo/2n7lJoPuPDEanPcX/ formula8020.com/css/JCuR6OE404DgR/ glowrentals.com/wp-admin/f1zeAKGTnS6I/ gosporthistoryclub.org.uk/wp-content/vOixo/ homedekornaturalcraft.com/ymu/fGsFT7j/ lucasandbarbiehodges.net/wp-content/nbKbVJ8E55V2I/ monet.kiev.ua/css/KvkD194/ pgegroups.com/ism.pgegroups.com/HTv8/ readyplans.in/wp-content/UtiS4IPBYSIiaPzCCe/ royalsnackmyanmar.com/wp-includes/Z4E3Vtp8k4Z/ ssf2.edelta.in/Themes/7hGzIAH5BYf9fFLK/ stimulusbrand.com/5qAhX5nC-content/1/ store.uxdsummit.com/wp-admin/VfgBSQa7Z/ subs.video/netreginstall/7LKhp4JjAyQ0mc/ theclubgym.in/wp-includes/jnTMKV3pHa9a/ /1g94ngo/2n7lJoPuPDEanPcX/ /5qAhX5nC-content/1/ /PHPMailer-master/1MYGpHszzRfHAN4/ /Themes/7hGzIAH5BYf9fFLK/ /css/JCuR6OE404DgR/ /css/KvkD194/ /ism.pgegroups.com/HTv8/ /netreginstall/7LKhp4JjAyQ0mc/ /wp-admin/VfgBSQa7Z/ /wp-admin/f1zeAKGTnS6I/ /wp-content/UtiS4IPBYSIiaPzCCe/ /wp-content/nbKbVJ8E55V2I/ /wp-content/vOixo/ /wp-content/zR/ /wp-includes/Z4E3Vtp8k4Z/ /wp-includes/jnTMKV3pHa9a/ /ymu/fGsFT7j/ /1MYGpHszzRfHAN4/ /1g94ngo/ /2n7lJoPuPDEanPcX/ /5qAhX5nC-content/ /7LKhp4JjAyQ0mc/ /7hGzIAH5BYf9fFLK/ /fGsFT7j/ /JCuR6OE404DgR/ /KvkD194/ /UtiS4IPBYSIiaPzCCe/ /VfgBSQa7Z/ /Z4E3Vtp8k4Z/ /f1zeAKGTnS6I/ /jnTMKV3pHa9a/ /nbKbVJ8E55V2I/ /vOixo/ # Reference: https://github.com/pr0xylife/Emotet/blob/main/e5_emotet_07.02.2022.txt 174.136.15.27:8080 185.122.58.89:443 93.104.208.37:8080 7jcat.com/wp-content/cQO3vdPQavJrf2UrCW/ desayunosdesde.casa/wp-content/lyNShWgYN7F/ pickuphiblog.tatamotors.com/wp-includes/LoBv7LwWesAhk7Xu0A/ subs.video/netreginstall/6TMx9WQkWQG3mnRyrD/ phutungbom.com/cgi-bin/CawQlbH731aUMSP/ /cgi-bin/CawQlbH731aUMSP/ /netreginstall/6TMx9WQkWQG3mnRyrD/ /wp-content/cQO3vdPQavJrf2UrCW/ /wp-includes/LoBv7LwWesAhk7Xu0A/ /wp-content/lyNShWgYN7F/ /6TMx9WQkWQG3mnRyrD/ /CawQlbH731aUMSP/ /cQO3vdPQavJrf2UrCW/ /LoBv7LwWesAhk7Xu0A/ /lyNShWgYN7F/ # Reference: https://twitter.com/Max_Mal_/status/1490754610251849737 pickuptnblog.tatamotors.com/iyc6qmm/11lz0UGDvT/ shejiguanjia.com/wp-includes/PjsuDhy5/ /iyc6qmm/11lz0UGDvT/ /wp-includes/PjsuDhy5/ /11lz0UGDvT/ /iyc6qmm/ /PjsuDhy5/ # Reference: https://twitter.com/Max_Mal_/status/1490754611824762893 180.250.21.2:443 # Reference: https://github.com/pr0xylife/Emotet/blob/main/e5_emotet_08.02.2022.txt 103.42.57.17:8080 casualenglishchat.com/cgi/6g0pcvCOYPZYn/ francisdifronzo.com/eln-images/T6yB/ goncalves.com/counter/3OkjcVmCPdokTG/ grimmcm.com/cgi/6hoBPCb3E/ intelfirm.com/eln-images/xaTiPeapzK/ k7tgu.com/Bryce/UBfCU05bih/ keyesforsteuben.com/cgi/vnBHCHIlWZx/ manningind.com/eln-images/rx7j2VVFK/ mardigrasslandscaping.com/cgi/w4BV/ mkdevcorp.com/cgi/33HhffLF60pcv/ ronfrankproductions.com/4agreements/trEgS/ topstravel.com/VPImages/dPW/ urieprocor.com/cgi/m2m7z88gOsNceL/ /4agreements/trEgS/ /Bryce/UBfCU05bih/ /VPImages/dPW/ /cgi/33HhffLF60pcv/ /cgi/6g0pcvCOYPZYn/ /cgi/6hoBPCb3E/ /cgi/m2m7z88gOsNceL/ /cgi/vnBHCHIlWZx/ /cgi/w4BV/ /counter/3OkjcVmCPdokTG/ /eln-images/T6yB/ /eln-images/rx7j2VVFK/ /eln-images/xaTiPeapzK/ /33HhffLF60pcv/ /3OkjcVmCPdokTG/ /6g0pcvCOYPZYn/ /6hoBPCb3E/ /UBfCU05bih/ /m2m7z88gOsNceL/ /rx7j2VVFK/ /vnBHCHIlWZx/ /xaTiPeapzK/ # Reference: https://twitter.com/Max_Mal_/status/1490985607191232516 annefront.com/eln-images/gANlH/ boamorph.com/cgi/hTa5ip96VSdNjX/ chpopesco.com/Gallery/wPY7j2SE5MIv/ hollywoodvisual.com/eln-images/HIWl5z/ marcowine.com/Images/SLlwnvS7Uxnymm/ marezdecor.com/MarezGallery/sEQxWTpMJ7A8rAtY0D/ miniflam.com/eln-images/fSwbQjUMAfGxgdw/ modsociete.com/cgi/qtAP/ realacorp.net/PhotoGallery/UwmRHceSGbaCeGF/ rogerschultz.com/eln-images/u0vT/ /Gallery/wPY7j2SE5MIv/ /Images/SLlwnvS7Uxnymm/ /MarezGallery/sEQxWTpMJ7A8rAtY0D/ /PhotoGallery/UwmRHceSGbaCeGF/ /cgi/hTa5ip96VSdNjX/ /cgi/qtAP/ /eln-images/HIWl5z/ /eln-images/fSwbQjUMAfGxgdw/ /eln-images/gANlH/ /eln-images/u0vT/ /HIWl5z/ /SLlwnvS7Uxnymm/ /UwmRHceSGbaCeGF/ /fSwbQjUMAfGxgdw/ /hTa5ip96VSdNjX/ /sEQxWTpMJ7A8rAtY0D/ /wPY7j2SE5MIv/ # Reference: https://github.com/pr0xylife/Emotet/blob/main/e4_emotet_08.02.2022.txt 153.126.203.229:8080 31.24.158.56:8080 8.9.11.48:443 bachilleratoporciclos.co/wp-content/PvIIx7/ calad-formation.fr/r3x94z/kgZ9OGCi/ dwwmaster.com/wp-content/ebHTB4UF2/ edu-media.cn/wp-admin/cKi/ formula8020.com/css/56Dzi0P/ fullness-safety.com/-/P6x/ lissbernardin.com/hthjb3i/x9KHpCeYrr/ nabajyotifoundation.com/da8uc7jo/4Za/ pristineservices.findfacts.co.in/cgi-bin/BuLyc2HKLHIQVHQLc/ royalsnackmyanmar.com/wp-includes/GMtz6DxM/ royaltyrealtynsb.com/backup_1/g51THhhLLUqodx6/ rtd.b2bpipe.cn/wp-content/8ESRhIJAIRh/ speedrankingsystem.de/wp-admin/k63ZcimPsE6/ tigela.org.np/wp-content/Irp27O71/ /-/P6x/ /backup_1/g51THhhLLUqodx6/ /cgi-bin/BuLyc2HKLHIQVHQLc/ /css/56Dzi0P/ /da8uc7jo/4Za/ /hthjb3i/x9KHpCeYrr/ /r3x94z/kgZ9OGCi/ /wp-admin/cKi/ /wp-admin/k63ZcimPsE6/ /wp-content/8ESRhIJAIRh/ /wp-content/Irp27O71/ /wp-content/PvIIx7/ /wp-content/ebHTB4UF2/ /wp-includes/GMtz6DxM/ /56Dzi0P/ /8ESRhIJAIRh/ /BuLyc2HKLHIQVHQLc/ /GMtz6DxM/ /Irp27O71/ /PvIIx7/ /da8uc7jo/ /ebHTB4UF2/ /g51THhhLLUqodx6/ /hthjb3i/ /k63ZcimPsE6/ /kgZ9OGCi/ /r3x94z/ /x9KHpCeYrr/ # Reference: https://isc.sans.edu/diary/28318 138.197.64.211:8080 202.29.237.114:8080 # Reference: https://twitter.com/58_158_177_102/status/1491351649662959619 alivesystems.com/eln-images/pm2rSsnVM/ don-lee.com/_notes/U6H14DNA/ hi-techaudio.com/dir2021/g3d/ mellow60s.com/Stanley_files/EFIqwZ183rfmd/ /_notes/U6H14DNA/ /eln-images/pm2rSsnVM/ /Stanley_files/EFIqwZ183rfmd/ /EFIqwZ183rfmd/ /pm2rSsnVM/ /U6H14DNA/ # Reference: https://github.com/pan-unit42/tweets/blob/master/2022-02-10-IOCs-for-Emotet-epoch5-infection-with-Cobalt-Strike.txt 198.199.126.144:443 comezmuhendislik.com/ljfrmm/VTpHRFWoORAHnRQ3aQL/ fortiuspharma.com/y6krss/EGm347cqj5/ garyjharris.com/cgi-bin/0hH/ golfpia.karmatechmediaworks.com/wp-content/oEicpDnEkk/ midnightsilvercrafters.com/store/wBjNOUw/ redington.karmatechmediaworks.com/wp-content/3JVuVx7QUM/ servilogic.net/b/14hqrdyP0Z3WsbQib8/ tempral.com/NATE_05_22_2009/BI710N4cQ6R3/ toto.karmatechmediaworks.com/wp-content/i826vbcVgRJ/ uhc.karmatechmediaworks.com/wp-content/0EqfdeznntlOpaIP2Qv/ vietnam.karmatechmediaworks.com/wp-content/PfSVQagusZy7AaMw/ vinculinc.karmatechmediaworks.com/wp-content/VlcOPPwgidWlXDJNs6/ webmail.glemedical.com/wp-content/J1M2xxodH/ /NATE_05_22_2009/BI710N4cQ6R3/ /b/14hqrdyP0Z3WsbQib8/ /cgi-bin/0hH/ /ljfrmm/VTpHRFWoORAHnRQ3aQL/ /store/wBjNOUw/ /wp-content/0EqfdeznntlOpaIP2Qv/ /wp-content/3JVuVx7QUM/ /wp-content/J1M2xxodH/ /wp-content/PfSVQagusZy7AaMw/ /wp-content/VlcOPPwgidWlXDJNs6/ /wp-content/i826vbcVgRJ/ /wp-content/oEicpDnEkk/ /y6krss/EGm347cqj5/ /0EqfdeznntlOpaIP2Qv/ /14hqrdyP0Z3WsbQib8/ /3JVuVx7QUM/ /BI710N4cQ6R3/ /EGm347cqj5/ /J1M2xxodH/ /NATE_05_22_2009/ /PfSVQagusZy7AaMw/ /VTpHRFWoORAHnRQ3aQL/ /VlcOPPwgidWlXDJNs6/ /i826vbcVgRJ/ /ljfrmm/ /oEicpDnEkk/ /wBjNOUw/ /y6krss/ # Reference: https://github.com/pr0xylife/Emotet/blob/main/e4_emotet_11.02.2022.txt 185.248.140.40:443 203.114.109.124:443 clairemauer.com/wp-admin/vXjSf8tAAMLwwWh3/ hillyerassociates.com/cgi/qQV/ idesign-bruceberman.com/cgi/m7CP7jP7DPkcy/ internationalstrategy.org/cgi/VT7we3QHAboswHu2ff/ joncicchettilandscapearchitect.com/eln-images/welcome/Pkoh97H/ oakcourtpress.com/Guest/M/ piedpiperdesigns.com/OLDSITE-DEC-2006/0OxPcj5Sjk/ robevansphotography.com/cgi/vNM8Ufvon3js/ roketscience.com/cgi/qpTxCZiW0HqynNH//7RFeiqkgymCs/ tonysommers.net/eln-images/BowlvMV7raSyx8l/ triangle-associates.com/ESW/Styles/yEHM2ir/ ttisecurity.com/cgi/7RFeiqkgymCs/ /ESW/Styles/ /Guest/M/ /OLDSITE-DEC-2006/0OxPcj5Sjk/ /cgi/7RFeiqkgymCs/ /cgi/VT7we3QHAboswHu2ff/ /cgi/m7CP7jP7DPkcy/ /cgi/qQV/ /cgi/qpTxCZiW0HqynNH/ /cgi/vNM8Ufvon3js/ /eln-images/BowlvMV7raSyx8l/ /eln-images/welcome/ /wp-admin/vXjSf8tAAMLwwWh3/ /0OxPcj5Sjk/ /7RFeiqkgymCs/ /BowlvMV7raSyx8l/ /OLDSITE-DEC-2006/ /VT7we3QHAboswHu2ff/ /m7CP7jP7DPkcy/ /qpTxCZiW0HqynNH/ /vNM8Ufvon3js/ /vXjSf8tAAMLwwWh3/ # Reference: https://github.com/pr0xylife/Emotet/blob/main/e4_emotet_09.02.2022.txt dadsgetinthegame.com/eln-images/tAAUG/ framemakers.us/eln-images/U5W2IGE9m8i9h9r/ missionnyc.org/fonts/JO5/ mpmcomputing.com/fonts/fJJrjqpIY3Bt3Q/ niplaw.com/asolidfoundation/yCE9/ robertflood.us/eln-images/DGI2YOkSc99XPO/ robertmchilespe.com/cgi/3f/ rosevideo.net/eln-images/EjdCoMlY8Gy/ rosewoodcraft.com/Merchant2/5.00/PGqX/ smbservices.net/cgi/JO01ckuwd/ stkpointers.com/eln-images/D/ vbaint.com/eln-images/H2pPGte8XzENC/ vocoptions.net/cgi/ifM9R5ylbVpM8hfR/ youlanda.org/eln-images/n8DPZISf/ /asolidfoundation/yCE9/ /cgi/JO01ckuwd/ /cgi/ifM9R5ylbVpM8hfR/ /eln-images/DGI2YOkSc99XPO/ /eln-images/EjdCoMlY8Gy/ /eln-images/H2pPGte8XzENC/ /eln-images/U5W2IGE9m8i9h9r/ /eln-images/n8DPZISf/ /eln-images/tAAUG/ /fonts/fJJrjqpIY3Bt3Q/ /DGI2YOkSc99XPO/ /EjdCoMlY8Gy/ /H2pPGte8XzENC/ /JO01ckuwd/ /U5W2IGE9m8i9h9r/ /fJJrjqpIY3Bt3Q/ /ifM9R5ylbVpM8hfR/ /n8DPZISf/ /tAAUG/ # Reference: https://github.com/pr0xylife/Emotet/blob/main/e5_emotet_09.02.2022.txt alivesystems.com/eln-images/pm2rSsnVM/ consciences.center/wp-includes/SkW2w/ creedmoorpartners.com/eln-images/wEYKd5KJZETheBswq/ don-lee.com/_notes/U6H14DNA/ hi-techaudio.com/dir2021/g3d/ homehandyworks.com/eln-images/xFIDPfs4SS1yw7ghXXk/ lost-earth.com/Black_and_White/ZW4rHEdD1vZX/ mag-designs.com/css/L3QKlr6iTzILVzbnC/ mattersoffact.com/cgi/E0C1vtSqt/ mellow60s.com/Stanley_files/EFIqwZ183rfmd/ pro-ficientllc.com/PDF_files/5A9W8/ pureplatinumband.com/Schedule/EW24AYJCvBpN8Gc/ roderickpowellentertainment.com/eln-images/OVOyN3y9/ /Black_and_White/ZW4rHEdD1vZX/ /PDF_files/5A9W8/ /Schedule/EW24AYJCvBpN8Gc/ /Stanley_files/EFIqwZ183rfmd/ /_notes/U6H14DNA/ /cgi/E0C1vtSqt/ /css/L3QKlr6iTzILVzbnC/ /dir2021/g3d/ /eln-images/OVOyN3y9/ /eln-images/pm2rSsnVM/ /eln-images/wEYKd5KJZETheBswq/ /eln-images/xFIDPfs4SS1yw7ghXXk/ /wp-includes/SkW2w/ /5A9W8/ /E0C1vtSqt/ /EFIqwZ183rfmd/ /EW24AYJCvBpN8Gc/ /L3QKlr6iTzILVzbnC/ /OVOyN3y9/ /SkW2w/ /U6H14DNA/ /ZW4rHEdD1vZX/ /pm2rSsnVM/ /wEYKd5KJZETheBswq/ /xFIDPfs4SS1yw7ghXXk/ # Reference: https://www.virustotal.com/gui/file/0633019e5eec5f2411498a8c1fb0404c39af1ddc80675accb4cd0428af676383/detection # Reference: https://www.virustotal.com/gui/file/adbb3ecd9f25ed93e82b54c8e33ab48cd8367306bab18f955e77c8977f012a7a/detection # Reference: https://www.virustotal.com/gui/file/a99169c0c4cd0aae9f820e42d34b687a46c45cfc8315a6fd5e011852fa150f69/detection # Reference: https://www.virustotal.com/gui/file/93a581ab0f18f2032170c770692ebfd739338f25a5a0ae967ccffcf56edf9127/detection # Reference: https://www.virustotal.com/gui/file/801858246d64e2d7d45a3b01068f4aedc5d1a12278763a64a2c07b8f6bfa2598/detection painelcs.duckdns.org /dotms_8/OUIDmYHQiEj.dotm /dotms_8/ /DomOnPQPslJyYNqj.dotm /eSqpvxVWiQOlLamn.dotm /OUIDmYHQiEj.dotm /yrKhfrbXXji.dotm /zwNcWaUPHZI.dotm # Reference: https://github.com/pr0xylife/Emotet/blob/main/e4_emotet_22.02.2022.txt 103.134.85.85:80 156.67.219.84:7080 175.107.196.192:80 50.30.40.196:8080 1566xueshe.com/wp-includes/z92ZVqHH8/ actividades.laforetlanguages.com/wp-admin/dU8Ds/ ama.cu/jpr/VVP/ dwwmaster.com/wp-content/1sR2HfFxQnkWuu/ edu-media.cn/wp-admin/0JAE/ iacademygroup.cl/office/G42LJPLkl/ mtc.joburg.org.za/-/GBGJeFxXWlNbABv2/ mymicrogreen.mightcode.com/Fox-C/NWssAbNOJDxhs/ o2omart.co.in/infructuose/m4mgt2MeU/ wearsweetbomb.com/wp-content/15zZybP1EXttxDK4JH/ znzhou.top/mode/0Qb/ /-/GBGJeFxXWlNbABv2/ /Fox-C/NWssAbNOJDxhs/ /infructuose/m4mgt2MeU/ /office/G42LJPLkl/ /wp-admin/0JAE/ /wp-admin/dU8Ds/ /wp-content/15zZybP1EXttxDK4JH/ /wp-content/1sR2HfFxQnkWuu/ /wp-includes/z92ZVqHH8/ /15zZybP1EXttxDK4JH/ /1sR2HfFxQnkWuu/ /G42LJPLkl/ /GBGJeFxXWlNbABv2/ /NWssAbNOJDxhs/ /m4mgt2MeU/ /z92ZVqHH8/ # Reference: https://www.virustotal.com/gui/file/1ab2f31fb0b73d7c82f3bf340a1dcbf80e5b0855ffe0d8052a74154656dd18f7/detection 175.107.196.192:443 # Reference: https://tria.ge/220223-shbgesbhcj 27.254.174.84:8080 45.71.195.104:8080 61.7.231.226:443 61.7.231.229:443 68.183.93.250:443 93.104.209.107:8080 # Reference: github.com/pr0xylife/Emotet/blob/main/e5_emotet_23.02.2022.txt lydt.cc animalsandusfujairah.com/wp-admin/JWO58zeUOwSI/ dalgahavuzu.com/pwkfky/LF0WU/ dmdagents.com.au/vqwbgz/CL4Bo4C4VS0deg/ dolphinsupremehavuzrobotu.com/yrrct/QcbxhqCQ/ dolphinwavehavuzrobotu.com/wp-includes/RmCbvIKjjtlB3tabyPo/ duvarkagitlarimodelleri.com/42hhp/gZXakh7/ gmo-sol-10.heteml.jp/includes/UoJMgYAc1EES/ gmo-sol-p10.heteml.jp/includes/UoJMgYAc1EES/ havuzkaydiraklari.com/wp-includes/YqYdLFA/ iashanghai.cn/z/Z1PG6ulBh20plss/ isguvenligiburada.com/xcg/uZSU/ kinetekturk.com/e2ea69p/9U52O7jTobF8J/ littlesweet.co.uk/wp-admin/vko/ lpm.fk.ub.ac.id/Fox-C/faKwS6p6/ lydt.cc/wp-includes/6sfYo/ pasionportufuturo.pe/wp-content/HkUfvw0xuCy5/ sandiegoinsuranceagents.com/cgi-bin/XK1VSXZddLdN/ servidorcarlosydavid.es/wp-admin/jkNPgHxNjF/ stratuswebsolutions.co.nz/wp-content/wyEEj5jH8xq50rp1/ swaong.com/assets/VV4/ vipwatchpay.com/Isoetales/5wy8L0TQ1xCZEr/ wvfsbrasil.com.br/Acrasieae/LIYNOqCthfZuCWQz3/ /42hhp/gZXakh7/ /Acrasieae/LIYNOqCthfZuCWQz3/ /Fox-C/faKwS6p6/ /Isoetales/5wy8L0TQ1xCZEr/ /cgi-bin/XK1VSXZddLdN/ /e2ea69p/9U52O7jTobF8J/ /includes/UoJMgYAc1EES/ /pwkfky/LF0WU/ /vqwbgz/CL4Bo4C4VS0deg/ /wp-admin/JWO58zeUOwSI/ /wp-admin/jkNPgHxNjF/ /wp-admin/vko/ /wp-content/HkUfvw0xuCy5/ /wp-content/wyEEj5jH8xq50rp1/ /wp-includes/6sfYo/ /wp-includes/RmCbvIKjjtlB3tabyPo/ /wp-includes/YqYdLFA/ /yrrct/QcbxhqCQ/ /z/Z1PG6ulBh20plss/ /5wy8L0TQ1xCZEr/ /6sfYo/ /9U52O7jTobF8J/ /CL4Bo4C4VS0deg/ /HkUfvw0xuCy5/ /JWO58zeUOwSI/ /LF0WU/ /LIYNOqCthfZuCWQz3/ /pwkfky/ /QcbxhqCQ/ /RmCbvIKjjtlB3tabyPo/ /UoJMgYAc1EES/ /XK1VSXZddLdN/ /YqYdLFA/ /Z1PG6ulBh20plss/ /faKwS6p6/ /gZXakh7/ /jkNPgHxNjF/ /wyEEj5jH8xq50rp1/ # Reference: https://github.com/CronUp/Malware-IOCs/blob/main/2022-02-26_Emotet_DownloadURLs http://192.99.237.111 http://198.50.143.158 http://47.244.189.73 http://68.183.232.164 1566xueshe.com/wp-includes/z92ZVqHH8/ actividades.laforetlanguages.com/wp-admin/dU8Ds/ ajaxmatters.com/c7g8t/zbBYgukXYxzAF2hZc/ akhrailway.com/cgi-bin/b5c9CX4IK2GgN6C/ ama.cu/jpr/00YpKFEZ/ ama.cu/jpr/VVP/ appyhorsey.com/FeedBack/adJcH8XSC66hKK/ barnhart-studios.com/eln-images/Vghg1n/ beholdpublications.com/home/BABxyyWZx8Vu/ bimbeladzkia.com/1600-arrow/njvK9lEVwMfxQyw/ boamorph.com/cgi/hTa5ip96VSdNjX/ boardingschoolsoftware.com/backup/VC7WK/ cairm.xyz/backup_1/mQPAhJhpV/ carretilha.net/whats/qZ7jacauUIqEBtnUm/ centrobilinguelospinos.com/wp-admin/AivCY/ chastongroditski.com/eln-images/skSsCLJtI24kZvo/ chpopesco.com/Gallery/wPY7j2SE5MIv/ cksacoustics.com/wp-includes/bQ1/ cmbavocat.fr/wp-admin/uKCcU1bqvbSvE/ crm.avionxpress.com/media/H4fjpmz/ danahousecare.com/wp-content/cache/nAZV1f5Bh9CFmBtl2J/ dehraduncabs.com/wp-includes/9xqp/ dev.subs2me.com/wp-includes/EMa/ distribucionespariente.com/wp-includes/YHQ1W1R2iSznft2vO/ docs-construction.com/wp-admin/a0mJP2Adw5YTHt/ docs-construction.com/wp-admin/jDDqg/ dolphinsupremehavuzrobotu.com/yrrct/QcbxhqCQ/ dolphinwavehavuzrobotu.com/wp-includes/RmCbvIKjjtlB3tabyPo/ duvarkagitlarimodelleri.com/42hhp/gZXakh7/ dwwmaster.com/wp-content/1sR2HfFxQnkWuu/ dwwmaster.com/wp-content/W7XGpodRs5kYvnV/ dwwmaster.com/wp-content/ebHTB4UF2/ edu-media.cn/wp-admin/0JAE/ edu-media.cn/wp-admin/cKi/ environmentalaw.com/cgi/Qb/ estesgroup.net/New-site-25062021/UkQPppHG9pLNE/ explorationit.com/screwing/AxLm/ filecabinet.digitalechoes.co.uk/wp-admin/NC/ fortiuspharma.com/y6krss/EGm347cqj5/ framemakers.us/eln-images/U5W2IGE9m8i9h9r/ fraudaware.org.uk/wp-admin/UPeayYdSM/ gmo-sol-p10.heteml.jp/includes/UoJMgYAc1EES/ gocut.com/eln-images/cAw7Uw2w/ goncalves.com/counter/3OkjcVmCPdokTG/ grimmcm.com/cgi/6hoBPCb3E/ havuzkaydiraklari.com/wp-includes/YqYdLFA/ hcci.worldofss.com/fold-vhdl/CnBgXD/ howebeautiful.com/eln-images/tyj208/ iacademygroup.cl/office/G42LJPLkl/ iashanghai.cn/z/Z1PG6ulBh20plss/ id-tiara.com/well-known/2FC/ id-tiara.com/well-known/AW7ddGt/ idesign-bruceberman.com/cgi/m7CP7jP7DPkcy/ idvlab.com.br/wp-admin/FIWBL/ imprecof.com/i/QPWeAg0C1hh/ ineslebuhan.com/wp-includes/7dLR8UB3RFfSHd4cZN/ institutionsevigne.org/wp-includes/pvDqUHqjYEqoQ6R/ isatechnology.com/training/49zvkrPOeNa346BZfzRNtmmpCNcRmGQHwN9bDIZ7aqABWR/ isguvenligiburada.com/xcg/uZSU/ jkonderhoud.nl/wp-content/6of/ k7tgu.com/Bryce/UBfCU05bih/ karmapedia.com/wp-includes/edvf/ keyesforsteuben.com/cgi/vnBHCHIlWZx/ levohistam.com/wp-admin/VdXm/ lpm.fk.ub.ac.id/Fox-C/faKwS6p6/ lucacerullo.com/wp-admin/sZ7Sw/ lydt.cc/wp-includes/6sfYo/ makspeedtech.com/cgi-bin/6BuOTbA/ marcowine.com/Images/SLlwnvS7Uxnymm/ mariemont.edu.co/wp-admin/i8Lqty/ marineboyrecords.com/font-awesome/QBBByHDDYl0slxlQ/ marineboyrecords.com/font-awesome/t37LOj/ mbahauddin.com/v/2horjuyP/ mcjalandhar.in/1950-kill/BMoLHJM4g/ meridianites.com/cgi/pBoGxZ9igKZKn/ miniflam.com/eln-images/fSwbQjUMAfGxgdw/ mtc.joburg.org.za/-/GBGJeFxXWlNbABv2/ mymicrogreen.mightcode.com/Fox-C/NWssAbNOJDxhs/ narsanat.com/banner/TnIhz/ newmainghantabazar.com/wp-includes/tyiPqbUMvMq79yMyM8E/ nuugebeya.com/wp-content/LqCYYSBQ/ old.liceum9.ru/images/images/NKeRl/ on-lineventures.com/cgi/ks0Mp/ orbdyn.com/eln-images/72ua/ pasionportufuturo.pe/wp-content/HkUfvw0xuCy5/ patriciamirapsicologa.com/wp-includes/fVVa9DXB/ pouget-malescours.fr/wp-content/1oyGiKJgrGOQE/ qqziyuanwang.com/wp-includes/KtXrm5GwJ/ qqziyuanwang.com/wp-includes/Tad/ realitevirtuelleguadeloupe.com/warp-visa/xogkV/ robointeligentedecomentarios.com/wp-includes/YBS9a02Y68auiEdP/ rtd.b2bpipe.cn/wp-content/8ESRhIJAIRh/ schildersbedrijfdsdevos.nl/wp-content/ItnBDmJay1Udk/ seacupps.com/eln-images/AYvykzg/ shadesofask.com/10000-ncsa/iwqc/ shrinandrajoverseas.com/old/DKrM3rb3YibtEJUVmvS/ simulateur.olsenandg.com/macd-10gbe/55vS6Mo8YYii/ skyridgedesigns.com/eln-images/38pr2cu3xt2Ai/ sleepstarlite-ozark.com/batesville/UjX/ stavki-na-sporte.ru/wp-content/qZ9UqoY2IzXUAqW3/ swaong.com/assets/VV4/ swaong.com/b/SVSAPzeDU657xJdmJv/ swaong.com/wp-admin/k9Db4Vjafnk/ tainformado.com.br/wp-content/0Ysot/ thecanadianarab.com/wp-content/VJ/ towardsun.net/admin/O29Fja/ vanessanascimento.com.br/auren-xbox/cDD2dfW/ vasilestudio.com/wp-admin/pZ1vbd5Z/ vasilestudio.com/wp-admin/vh8oEprCE3/ vendedoramigo.com.br/wp-admin/tfQwLyk4/ vipwatchpay.com/Isoetales/5wy8L0TQ1xCZEr/ vocoptions.net/cgi/ifM9R5ylbVpM8hfR/ vrstar-park.com/wp-includes/0bAm9feNorwTmVrj/ wearsweetbomb.com/wp-content/15zZybP1EXttxDK4JH/ webnatico.com/wp-content/upgrade/0MX2VOYxID/ wencollection.com/wp-admin/pY6t2bVC0QWEpk7Q/ wvfsbrasil.com.br/Acrasieae/LIYNOqCthfZuCWQz3/ xn--t60b69m1ey68a22oyvh.com/wp-content/Ie0/ yanapiri.com/upeatv/9IZP9RfbH338pFPI/ yatrataxi.com/wp-content/X4Ce/ york-show.ru/Kennedya/nmKdRgc70/ znzhou.top/mode/0Qb/ /10000-ncsa/iwqc/ /1600-arrow/njvK9lEVwMfxQyw/ /1950-kill/BMoLHJM4g/ /42hhp/gZXakh7/ /Acrasieae/LIYNOqCthfZuCWQz3/ /Bryce/UBfCU05bih/ /FeedBack/adJcH8XSC66hKK/ /Fox-C/NWssAbNOJDxhs/ /Fox-C/faKwS6p6/ /Gallery/wPY7j2SE5MIv/ /Images/SLlwnvS7Uxnymm/ /Isoetales/5wy8L0TQ1xCZEr/ /Kennedya/nmKdRgc70/ /New-site-25062021/UkQPppHG9pLNE/ /admin/O29Fja/ /assets/VV4/ /auren-xbox/cDD2dfW/ /b/SVSAPzeDU657xJdmJv/ /backup/VC7WK/ /backup_1/mQPAhJhpV/ /banner/TnIhz/ /batesville/UjX/ /c7g8t/zbBYgukXYxzAF2hZc/ /cgi-bin/6BuOTbA/ /cgi-bin/PsABe8gznY/ /cgi-bin/b5c9CX4IK2GgN6C/ /cgi/6hoBPCb3E/ /cgi/Qb/ /cgi/hTa5ip96VSdNjX/ /cgi/ifM9R5ylbVpM8hfR/ /cgi/ks0Mp/ /cgi/m7CP7jP7DPkcy/ /cgi/pBoGxZ9igKZKn/ /cgi/vnBHCHIlWZx/ /counter/3OkjcVmCPdokTG/ /eln-images/38pr2cu3xt2Ai/ /eln-images/72ua/ /eln-images/AYvykzg/ /eln-images/U5W2IGE9m8i9h9r/ /eln-images/Vghg1n/ /eln-images/cAw7Uw2w/ /eln-images/fSwbQjUMAfGxgdw/ /eln-images/skSsCLJtI24kZvo/ /eln-images/tyj208/ /fold-vhdl/CnBgXD/ /font-awesome/QBBByHDDYl0slxlQ/ /font-awesome/t37LOj/ /home/BABxyyWZx8Vu/ /i/QPWeAg0C1hh/ /includes/UoJMgYAc1EES/ /jpr/00YpKFEZ/ /jpr/VVP/ /macd-10gbe/55vS6Mo8YYii/ /media/H4fjpmz/ /mode/0Qb/ /office/G42LJPLkl/ /old/DKrM3rb3YibtEJUVmvS/ /screwing/AxLm/ /training/49zvkrPOeNa346BZfzRNtmmpCNcRmGQHwN9bDIZ7aqABWR/ /upeatv/9IZP9RfbH338pFPI/ /v/2horjuyP/ /warp-visa/xogkV/ /well-known/2FC/ /well-known/AW7ddGt/ /well-known/cwxgmEZsYIT/ /whats/qZ7jacauUIqEBtnUm/ /wp-admin/0JAE/ /wp-admin/AivCY/ /wp-admin/FIWBL/ /wp-admin/NC/ /wp-admin/PnJY1/ /wp-admin/UPeayYdSM/ /wp-admin/VdXm/ /wp-admin/a0mJP2Adw5YTHt/ /wp-admin/cKi/ /wp-admin/dU8Ds/ /wp-admin/i8Lqty/ /wp-admin/jDDqg/ /wp-admin/k9Db4Vjafnk/ /wp-admin/pY6t2bVC0QWEpk7Q/ /wp-admin/pZ1vbd5Z/ /wp-admin/sZ7Sw/ /wp-admin/tfQwLyk4/ /wp-admin/uKCcU1bqvbSvE/ /wp-admin/vh8oEprCE3/ /wp-content/0Ysot/ /wp-content/15zZybP1EXttxDK4JH/ /wp-content/1oyGiKJgrGOQE/ /wp-content/1sR2HfFxQnkWuu/ /wp-content/6of/ /wp-content/8ESRhIJAIRh/ /wp-content/HkUfvw0xuCy5/ /wp-content/Ie0/ /wp-content/ItnBDmJay1Udk/ /wp-content/LqCYYSBQ/ /wp-content/VJ/ /wp-content/W7XGpodRs5kYvnV/ /wp-content/X4Ce/ /wp-content/ebHTB4UF2/ /wp-content/qZ9UqoY2IzXUAqW3/ /wp-includes/0bAm9feNorwTmVrj/ /wp-includes/6sfYo/ /wp-includes/7dLR8UB3RFfSHd4cZN/ /wp-includes/9xqp/ /wp-includes/EMa/ /wp-includes/KtXrm5GwJ/ /wp-includes/RmCbvIKjjtlB3tabyPo/ /wp-includes/Tad/ /wp-includes/Vyj7l35iCeCAT/ /wp-includes/YBS9a02Y68auiEdP/ /wp-includes/YHQ1W1R2iSznft2vO/ /wp-includes/YqYdLFA/ /wp-includes/bQ1/ /wp-includes/edvf/ /wp-includes/fVVa9DXB/ /wp-includes/pvDqUHqjYEqoQ6R/ /wp-includes/tyiPqbUMvMq79yMyM8E/ /wp-includes/z92ZVqHH8/ /xcg/uZSU/ /y6krss/EGm347cqj5/ /yrrct/QcbxhqCQ/ /z/Z1PG6ulBh20plss/ /00YpKFEZ/ /0Ysot/ /0bAm9feNorwTmVrj/ /15zZybP1EXttxDK4JH/ /1oyGiKJgrGOQE/ /1sR2HfFxQnkWuu/ /2horjuyP/ /38pr2cu3xt2Ai/ /3OkjcVmCPdokTG/ /49zvkrPOeNa346BZfzRNtmmpCNcRmGQHwN9bDIZ7aqABWR/ /55vS6Mo8YYii/ /5wy8L0TQ1xCZEr/ /6BuOTbA/ /6hoBPCb3E/ /6sfYo/ /7dLR8UB3RFfSHd4cZN/ /8ESRhIJAIRh/ /9IZP9RfbH338pFPI/ /9xqp/ /AW7ddGt/ /AYvykzg/ /AivCY/ /AxLm/ /BABxyyWZx8Vu/ /BMoLHJM4g/ /CnBgXD/ /DKrM3rb3YibtEJUVmvS/ /EGm347cqj5/ /FIWBL/ /G42LJPLkl/ /H4fjpmz/ /HkUfvw0xuCy5/ /ItnBDmJay1Udk/ /KtXrm5GwJ/ /LIYNOqCthfZuCWQz3/ /LqCYYSBQ/ /NWssAbNOJDxhs/ /O29Fja/ /PnJY1/ /PsABe8gznY/ /QBBByHDDYl0slxlQ/ /QPWeAg0C1hh/ /QcbxhqCQ/ /RmCbvIKjjtlB3tabyPo/ /SLlwnvS7Uxnymm/ /SVSAPzeDU657xJdmJv/ /TnIhz/ /U5W2IGE9m8i9h9r/ /UBfCU05bih/ /UPeayYdSM/ /UkQPppHG9pLNE/ /UoJMgYAc1EES/ /Vghg1n/ /Vyj7l35iCeCAT/ /W7XGpodRs5kYvnV/ /YBS9a02Y68auiEdP/ /YHQ1W1R2iSznft2vO/ /YqYdLFA/ /Z1PG6ulBh20plss/ /a0mJP2Adw5YTHt/ /adJcH8XSC66hKK/ /b5c9CX4IK2GgN6C/ /cAw7Uw2w/ /cDD2dfW/ /cwxgmEZsYIT/ /dU8Ds/ /ebHTB4UF2/ /fSwbQjUMAfGxgdw/ /fVVa9DXB/ /faKwS6p6/ /gZXakh7/ /hTa5ip96VSdNjX/ /i8Lqty/ /ifM9R5ylbVpM8hfR/ /jDDqg/ /k9Db4Vjafnk/ /ks0Mp/ /m7CP7jP7DPkcy/ /mQPAhJhpV/ /njvK9lEVwMfxQyw/ /nmKdRgc70/ /pBoGxZ9igKZKn/ /pY6t2bVC0QWEpk7Q/ /pZ1vbd5Z/ /pvDqUHqjYEqoQ6R/ /qZ7jacauUIqEBtnUm/ /qZ9UqoY2IzXUAqW3/ /sZ7Sw/ /skSsCLJtI24kZvo/ /t37LOj/ /tfQwLyk4/ /tyiPqbUMvMq79yMyM8E/ /tyj208/ /uKCcU1bqvbSvE/ /vh8oEprCE3/ /vnBHCHIlWZx/ /wPY7j2SE5MIv/ /xogkV/ /z92ZVqHH8/ /zbBYgukXYxzAF2hZc/ # Reference: https://twitter.com/K_N1kolenko/status/1498528276574314496 kingspointresidence.com/camelia-diamond_/G/ rockadile.nl/blogs/36DlPQKwRR1vOFQR/ santacruzam.com/wp-admin/FeDgNEP/ thearkrealmproject.com/wp-admin/wxB4Wp3KyEMCsZva/ /blogs/36DlPQKwRR1vOFQR/ /camelia-diamond_/G/ /wp-admin/FeDgNEP/ /wp-admin/wxB4Wp3KyEMCsZva/ /36DlPQKwRR1vOFQR/ /FeDgNEP/ /wxB4Wp3KyEMCsZva/ # Reference: https://github.com/pan-unit42/tweets/blob/master/2022-03-01-IOCs-for-Emotet-epoch4-with-Cobalt-Strike.txt 134.209.156.68:443 147.139.134.226:443 209.15.236.39:8080 dbmtechnologies.ca/wp-content/oZE7jRqRoPg7zVVW9/ diacrestgroup.com/ggv3rjy/9/ mayatherm.com/vendor/3Vk/ merturku.com/blogs/IFcif/ winnieswondersaviary.com/wp-content/GfGvSMj6HihGNZZa9T/ /blogs/IFcif/ /ggv3rjy/9/ /wp-content/GfGvSMj6HihGNZZa9T/ /wp-content/oZE7jRqRoPg7zVVW9/ /GfGvSMj6HihGNZZa9T/ /ggv3rjy/ /IFcif/ /oZE7jRqRoPg7zVVW9/ # Reference: https://twitter.com/JAMESWT_MHT/status/1498594562272546818 87.106.97.83:7080 updatesgarmin.com/c/X5oK7bz/ /c/X5oK7bz/ /X5oK7bz/ # Reference: https://github.com/pan-unit42/tweets/blob/master/2022-03-03-IOCs-for-Emotet-epoch4-with-Cobalt-Strike.txt 139.180.205.161:443 195.154.253.60:8080 217.79.180.211:8080 piajimenez.com/Fox-C/dS4nv3spYd0DZsnwLqov/ inopra.com/wp-includes/3zGnQGNCvIKuvrO7T/ biomedicalpharmaegypt.com/sapbush/BKEaVq1zoyJssmUoe/ getlivetext.com/Pectinacea/AL5FVpjleCW/ janshabd.com/Zgye2/ justforanime.com/stratose/PonwPXCl/ /Fox-C/dS4nv3spYd0DZsnwLqov/ /Pectinacea/AL5FVpjleCW/ /sapbush/BKEaVq1zoyJssmUoe/ /stratose/PonwPXCl/ /wp-includes/3zGnQGNCvIKuvrO7T/ /3zGnQGNCvIKuvrO7T/ /AL5FVpjleCW/ /BKEaVq1zoyJssmUoe/ /dS4nv3spYd0DZsnwLqov/ /PonwPXCl/ # Reference: https://tria.ge/220307-mxtzesgdbj 103.42.58.120:7080 168.119.39.118:443 186.250.48.5:80 51.75.33.122:443 amorespasalon.com/wp-admin/ZsK0FbGGLqNpmzL/ janshabd.com/E33ZFv/ /wp-admin/ZsK0FbGGLqNpmzL/ /E33ZFv/ /ZsK0FbGGLqNpmzL/ # Reference: https://tria.ge/220307-mkg44agbel vrstar-park.com/wp-includes/N8807S9/ /wp-includes/N8807S9/ # Reference: https://twitter.com/Max_Mal_/status/1501236702861475843 146.59.226.45:443 146.59.226.45:8080 162.214.118.104:443 162.214.118.104:8080 185.4.135.27:443 185.4.135.27:8080 217.182.143.248:443 217.182.143.248:8080 # Reference: https://github.com/pr0xylife/Emotet/blob/main/e5_emotet_08.03.2022.txt agnesleung.com/raw.backup/p8D6ttXDaNwd/ agretto.com/Template/pnM0iPs4b2IfR7XY7v/ gsmjordan.com/SupplierPanel/XII/ moveit.savvyint.com/config/DsfssbO7BYG/ pakistannakliye.com/Dodonian/tSasxFCiQXxh5Qvin/ retailhpsinterview.com/search/yNbsL/ schwizer.net/styled/D0MG/ shabeerpv.atwebpages.com/css/ww6if1YAsMpjpuGz/ shimal.atwebpages.com/wp-content/xkaRkHr/ sociallysavvyseo.com/PinnacleDynamicServices/pRlYMzvfuu5B/ suleyera.com/components/CNGhltc5v2K6/ wellnessonus.com/wp-admin/OFq5F8Y/ xnxx.c1.biz/images/iJNVpahOW4CBuidDD66/ /Dodonian/tSasxFCiQXxh5Qvin/ /PinnacleDynamicServices/pRlYMzvfuu5B/ /SupplierPanel/XII/ /Template/pnM0iPs4b2IfR7XY7v/ /components/CNGhltc5v2K6/ /config/DsfssbO7BYG/ /css/ww6if1YAsMpjpuGz/ /images/iJNVpahOW4CBuidDD66/ /raw.backup/p8D6ttXDaNwd/ /search/yNbsL/ /styled/D0MG/ /wp-admin/OFq5F8Y/ /wp-content/xkaRkHr/ /tSasxFCiQXxh5Qvin/ /pRlYMzvfuu5B/ /pnM0iPs4b2IfR7XY7v/ /CNGhltc5v2K6/ /DsfssbO7BYG/ /ww6if1YAsMpjpuGz/ /iJNVpahOW4CBuidDD66/ /p8D6ttXDaNwd/ /OFq5F8Y/ /xkaRkHr/ # Reference: https://tria.ge/220314-jw93gafgcn a-u-s.it/qLoyJJFV0q6Z2i/ activ-shoes.ro/wp-includes/7Ob1hpWvAnpR2fK4/ actwell.fr/logs/g2xyR/ afrivac.org/css/sZqqu3mYVHFK/ aservon.com/css/DhaDF9VHoru7/ getlivetext.com/wp-admin/6ZsANn00/ hih7.com/wp-admin/nX8WbaRCZVyVXi/ /css/DhaDF9VHoru7/ /css/sZqqu3mYVHFK/ /logs/g2xyR/ /wp-admin/6ZsANn00/ /wp-admin/nX8WbaRCZVyVXi/ /wp-includes/7Ob1hpWvAnpR2fK4/ /6ZsANn00/ /7Ob1hpWvAnpR2fK4/ /DhaDF9VHoru7/ /nX8WbaRCZVyVXi/ /qLoyJJFV0q6Z2i/ /sZqqu3mYVHFK/ # Reference: https://github.com/pr0xylife/Emotet/blob/main/e4_emotet_14.03.2022.txt 1.234.2.232:8080 103.221.221.247:8080 151.106.112.196:8080 153.126.146.25:7080 159.65.88.10:8080 176.56.128.118:443 177.87.70.10:8080 185.8.212.130:7080 186.250.48.117:7080 188.44.20.25:443 189.126.111.200:7080 196.218.30.83:443 197.242.150.244:8080 209.126.98.206:8080 5.9.116.246:8080 51.91.7.5:8080 thesparklezbox.com/wp-admin/kFkWN/ herbtytox.com/wp-admin/dq/ asyadegirmen.com/Template/nEMRY55nQgF/ westthamesphysio.com/blog/D8AAkEyZ7u/ adcreators.com.au/adcreators-edm/RDk3LtiwMkuDQy/ nipunpharmaskill.com/css/xm17DssGXjChcmm/ afyonmagazin.com/wp-content/DcnLRE/ /wp-admin/kFkWN/ /wp-admin/dq/ /Template/nEMRY55nQgF/ /blog/D8AAkEyZ7u/ /adcreators-edm/RDk3LtiwMkuDQy/ /css/xm17DssGXjChcmm/ /wp-content/DcnLRE/ /D8AAkEyZ7u/ /DcnLRE/ /nEMRY55nQgF/ /RDk3LtiwMkuDQy/ /xm17DssGXjChcmm/ # Reference: https://github.com/pan-unit42/tweets/blob/master/2022-03-14-IOCs-from-Emotet-epoch5-with-Cobalt-Strike.txt 68.183.62.61:8080 aaticd.co.za/wp-content/6JENALSdgs0RAPqV20z/ abildtrup.eu/wordpress/H0uDBpR/ actua.dk/res/EaoItn4LAZOeLFrFL/ aesiafrique.com/azerty/iTbkP5mpqK/ praachichemfood.com/wp-content/lcT43/ support.techopesolutions.com/application/zTAIK6GZ8I6zSLk/ vulkanvegasbonus.jeunete.com/wp-content/vsQ3Jp0XRqEqsVu/ /application/zTAIK6GZ8I6zSLk/ /azerty/iTbkP5mpqK/ /res/EaoItn4LAZOeLFrFL/ /wordpress/H0uDBpR/ /wp-content/6JENALSdgs0RAPqV20z/ /wp-content/lcT43/ /wp-content/vsQ3Jp0XRqEqsVu/ /6JENALSdgs0RAPqV20z/ /EaoItn4LAZOeLFrFL/ /H0uDBpR/ /iTbkP5mpqK/ /vsQ3Jp0XRqEqsVu/ /zTAIK6GZ8I6zSLk/ # Reference: https://twitter.com/K_N1kolenko/status/1503627704595369984 citybridgesc.at/Ergebnisse/K7mPH42tTl7slZgWH/ letea.eu/wp-content/CgaqeucmpVT2NEK/ life.lst.dx.am/img/WNIWv/ part-co.org/wp-admin/u4NPmsvZ3EWBa8tYlZv/ ponizinny.nl/wp-admin/KdLO9n/ protokol.mx/Archivos/HgTqbLkgrgLAvunV/ sport-foto.nu/wp-content/Jqf9mfIPcA/ /Archivos/HgTqbLkgrgLAvunV/ /Ergebnisse/K7mPH42tTl7slZgWH/ /img/WNIWv/ /wp-admin/KdLO9n/ /wp-admin/u4NPmsvZ3EWBa8tYlZv/ /wp-content/CgaqeucmpVT2NEK/ /wp-content/Jqf9mfIPcA/ /CgaqeucmpVT2NEK/ /HgTqbLkgrgLAvunV/ /Jqf9mfIPcA/ /K7mPH42tTl7slZgWH/ /KdLO9n/ /WNIWv/ /u4NPmsvZ3EWBa8tYlZv/ # Reference: https://twitter.com/K_N1kolenko/status/1503619640118943745 almoiz.com/urdu/LDlbo5gc4c/ aquinoabogados.com.ar/newsletter/tx9KBb2j/ asave.com.mx/cgi-bin/CUa/ avcservices-tt.com/EANAPI/hswSV1/ avrworks.com/mail/tGJconiBvy59a81/ e-tactics.com/wordpress/wpau-backup/i8Sv/ fitfabtherapy.com/Untitled-1/AdRf0JsnyI/ /EANAPI/hswSV1/ /Untitled-1/AdRf0JsnyI/ /mail/tGJconiBvy59a81/ /newsletter/tx9KBb2j/ /urdu/LDlbo5gc4c/ /wordpress/wpau-backup/i8Sv/ /AdRf0JsnyI/ /LDlbo5gc4c/ /hswSV1/ /tGJconiBvy59a81/ /tx9KBb2j/ # Reference: https://twitter.com/pancak3lullz/status/1503741093166395399 192.99.251.50:443 avrworks.com/mail/0Z4GbaKuDTGprJ/ /mail/0Z4GbaKuDTGprJ/ /0Z4GbaKuDTGprJ/ # Reference: https://tria.ge/220316-lpjytacaa2/ 101.50.0.91:8080 103.43.46.182:443 119.193.124.41:7080 167.99.115.35:8080 195.201.151.129:8080 217.182.25.250:8080 45.76.1.145:443 72.15.201.15:8080 alinac.ca/images/Lp6yKpIpRf6/ alinatourbg.com/mail/TBCGVNzLeENXb/ /images/Lp6yKpIpRf6/ /mail/TBCGVNzLeENXb/ /Lp6yKpIpRf6/ /TBCGVNzLeENXb/ # Reference: https://twitter.com/K_N1kolenko/status/1504352894237163525 # Reference: https://pastebin.com/3yc6iq9r altunyapiinsaat.com/datyusdtyuastbgdasg-23/vKckKhX11LJ/ blauwpurper.com/1rqbse/sSLCY0e/ bluefandago.com/qAbYoo/ bluerondo.net/cgi-bin/pEa9vohNq/ bogdan2003.com/4rzvAQRGzRhYmgbW3F/ bombtire.com/Ke0tX4d2vve/ borgmesteren.com/A9vrzBGuJJRSLuoD8/ borjalnoor.com/engine1/MHH/ bosny.com/aspnet_client/txzRH8yyBfH35i/ boxtelreport.com/biin/2Yjj6VB7u/ bozzline.com/cp/SGOwQkA00x5Ixe14e/ brendancleary.net/code_playground/e3ZqQ5WzPBq/ briankish.com/wp-includes/rU8RGhpptOleZ6070J8/ bridgetobalance.com/wp-content/uploads/OanMdqdzMjmmc2FY/ brucemulkey.com/wp-admin/XGXUrF2z0I/ bsgllc.tv/cloud/dASrd9jE/ buddymorel.com/cdar/3Egg7sUHTTd8kSrFj/ buketkucukbey.com/wp-admin/isUHefbl/ bulldogironworksllc.com/temp/r8YAI2o98o4j0UPn/ bvirtual.com/affinita/4jiy6L/ cabans.com/labs/atB4nhC3PxhoTrBe7/ /1rqbse/sSLCY0e/ /affinita/4jiy6L/ /aspnet_client/txzRH8yyBfH35i/ /biin/2Yjj6VB7u/ /cdar/3Egg7sUHTTd8kSrFj/ /cgi-bin/pEa9vohNq/ /cloud/dASrd9jE/ /code_playground/e3ZqQ5WzPBq/ /cp/SGOwQkA00x5Ixe14e/ /datyusdtyuastbgdasg-23/vKckKhX11LJ/ /engine1/MHH/ /labs/atB4nhC3PxhoTrBe7/ /temp/r8YAI2o98o4j0UPn/ /wp-admin/XGXUrF2z0I/ /wp-admin/isUHefbl/ /wp-includes/rU8RGhpptOleZ6070J8/ /1rqbse/ /2Yjj6VB7u/ /3Egg7sUHTTd8kSrFj/ /4jiy6L/ /4rzvAQRGzRhYmgbW3F/ /A9vrzBGuJJRSLuoD8/ /Ke0tX4d2vve/ /SGOwQkA00x5Ixe14e/ /XGXUrF2z0I/ /dASrd9jE/ /datyusdtyuastbgdasg-23/ /e3ZqQ5WzPBq/ /isUHefbl/ /pEa9vohNq/ /qAbYoo/ /r8YAI2o98o4j0UPn/ /rU8RGhpptOleZ6070J8/ /sSLCY0e/ /txzRH8yyBfH35i/ /vKckKhX11LJ/ atB4nhC3PxhoTrBe7/ # Reference: https://www.virustotal.com/gui/file/9425059d5d3237fc6f4190c59417b93f72648115cc8cb95938830e5d6bb6b3a7/detection bellaitaliatour.com/gite/YcFHn/ buchhave.net/cache/t82rF5S/ /cache/t82rF5S/ /gite/YcFHn/ /t82rF5S/ /YcFHn/ # Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-03-17%20Emotet%20(E4)%20IOCs 50-50aravidis.gr/thesi/wmL/ amplamaisbeneficios.com.br/contratos/MWnnZG/ bcingenieria.es/phpmailer/Z7fmcI7Va/ bredabeeld.nl/OLD/eavGp2KOdwXT/ cagataygunes.com.tr/stylesheets/uqK4kfhG4RAuRIA2/ kogelvanger.nl/picture_library/1MNqKan2FhWtQg5Uacu/ osmani.atwebpages.com/wp-content/Ynwrr/ /OLD/eavGp2KOdwXT/ /contratos/MWnnZG/ /phpmailer/Z7fmcI7Va/ /picture_library/1MNqKan2FhWtQg5Uacu/ /stylesheets/uqK4kfhG4RAuRIA2/ /thesi/wmL/ /wp-content/Ynwrr/ /1MNqKan2FhWtQg5Uacu/ /MWnnZG/ /Z7fmcI7Va/ /eavGp2KOdwXT/ /uqK4kfhG4RAuRIA2/ # Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-03-16%20Emotet%20IOCs arkidecture.com/vendor/5Ibj6pmUm/ aulavirtualapecc.com/server/qramDt1UIotz/ ausnz.net/2010wc/odSi5tQKkCIXEWl9/ azsiacenter.com/js/sOhmiosLJOgwaP6i5nln/ berekethaber.com/dosyalar/2z6RZL/ bilandecompetences.fr/administrator/3c/ bizztream.com/images/NS85wHTdIY9N5Ay/ blessingsource.com/blessingsource.com/rFQ0Ip6lQXXK/ blessingsource.com/rFQ0Ip6lQXXK/ bostonseafarms.com/images/zPgXFMy8VbKNXtFp/ brittknight.com/PHP/f/ bruiserbodies.com/images/vAj7fuqYe5y9/ buchhave.net/cache/t82rF5S/ calzadoyuyin.com/cgj-bin/uzOOL/ careerplan.host20.uk/images/Ls/ carloshd.com/trulia/4vsUaqQd/ casache.com/web/n3jxwXXwa/ casazulshop.com/Adapter/yJTgSEDEpQvm/ ccalaire.com/wp-admin/d1pGRa0X/ cdimprintpr.com/brochure2/A9NmYDndZ/ ingelse.net/Overview/slWIUhVtK/ wimmergroup.com/home_tours/Pvnw2/ /vendor/5Ibj6pmUm/ /server/qramDt1UIotz/ /2010wc/odSi5tQKkCIXEWl9/ /js/sOhmiosLJOgwaP6i5nln/ /dosyalar/2z6RZL/ /images/NS85wHTdIY9N5Ay/ /blessingsource.com/rFQ0Ip6lQXXK/ /images/zPgXFMy8VbKNXtFp/ /images/vAj7fuqYe5y9/ /cache/t82rF5S/ /cgj-bin/uzOOL/ /trulia/4vsUaqQd/ /web/n3jxwXXwa/ /Adapter/yJTgSEDEpQvm/ /wp-admin/d1pGRa0X/ /brochure2/A9NmYDndZ/ /Overview/slWIUhVtK/ /home_tours/Pvnw2/ /2z6RZL/ /4vsUaqQd/ /5Ibj6pmUm/ /A9NmYDndZ/ /NS85wHTdIY9N5Ay/ /Pvnw2/ /d1pGRa0X/ /n3jxwXXwa/ /odSi5tQKkCIXEWl9/ /qramDt1UIotz/ /rFQ0Ip6lQXXK/ /sOhmiosLJOgwaP6i5nln/ /slWIUhVtK/ /t82rF5S/ /uzOOL/ /vAj7fuqYe5y9/ /yJTgSEDEpQvm/ /zPgXFMy8VbKNXtFp/ # Reference: https://github.com/pr0xylife/Emotet/blob/main/e4_emotet_18.03.2022.txt 1.234.21.73:7080 120.50.40.183:80 149.56.128.192:443 160.16.218.63:8080 206.188.212.92:8080 209.250.246.206:443 amautatravel.com/cgi-bin/WhWIic/ bb2play.com/wzzx/ohb2qfuK/ crazy97.com/wp-includes/buF/ olawyer.net/wp-includes/e8jtEIL3lFkImOvd9k/ pianistprodigy.com/demolms/Ax6ZgvEJJ8HEKfXrp/ pregy.org/test/rXTl1DEv0CWCE/ risamfg.com/wp-admin/JtqFQW/ romusreselling.xyz/wordpress/Lgv7VKTvFFuBH8uct2Eq/ s4tiva.com/wp-content/pO/ salnesbici.com/wp-includes/ZD/ tebetdanelon.com.br/wp-content/iVrceXC3knlRRl/ thailand-rocco.com/wp-content/gE7UvFwLh/ thethriftstoreonline.com/wp-includes/6d8iUiRR5/ toyota-used-pickups.com/wp-content/LXVnLNH766/ /cgi-bin/WhWIic/ /demolms/Ax6ZgvEJJ8HEKfXrp/ /test/rXTl1DEv0CWCE/ /wordpress/Lgv7VKTvFFuBH8uct2Eq/ /wp-admin/JtqFQW/ /wp-content/LXVnLNH766/ /wp-content/gE7UvFwLh/ /wp-content/iVrceXC3knlRRl/ /wp-content/pO/ /wp-includes/6d8iUiRR5/ /wp-includes/ZD/ /wp-includes/buF/ /wp-includes/e8jtEIL3lFkImOvd9k/ /wzzx/ohb2qfuK/ /6d8iUiRR5/ /Ax6ZgvEJJ8HEKfXrp/ /JtqFQW/ /LXVnLNH766/ /Lgv7VKTvFFuBH8uct2Eq/ /WhWIic/ /e8jtEIL3lFkImOvd9k/ /gE7UvFwLh/ /iVrceXC3knlRRl/ /rXTl1DEv0CWCE/ /wzzx/ohb2qfuK/ # Reference: https://github.com/pr0xylife/Emotet/blob/main/e5_emotet_18.03.2022.txt 103.133.214.242:8080 103.82.248.59:7080 121.78.112.42:8080 188.166.229.148:443 2.58.16.87:8080 202.28.34.99:8080 36.67.23.59:443 80.211.107.116:8080 ausnz.net/2010wc/RhAYVPNypjphNNk6J/ belisip.net/libs/Swift-5.1.0/F5XU7EuPePQ/ blog.centerking.top/wp-includes/WEIuPafz0bS/ edu-media.cn/wp-admin/TOu/ ppiabanyuwangi.or.id/lulu-1937/daURDNUyso/ acerestoration.co.za/wp-admin/gJqMBYhQHYsDE/ lydt.cc/wp-includes/jprpcO8U/ /2010wc/RhAYVPNypjphNNk6J/ /lulu-1937/daURDNUyso/ /wp-admin/gJqMBYhQHYsDE/ /wp-includes/WEIuPafz0bS/ /wp-includes/jprpcO8U/ /RhAYVPNypjphNNk6J/ /WEIuPafz0bS/ /daURDNUyso/ /gJqMBYhQHYsDE/ /jprpcO8U/ /lulu-1937/ # Reference: https://github.com/pr0xylife/Emotet/blob/main/e5_emotet_10.03.2022.txt http://103.85.95.5 http://185.187.70.35 http://185.210.144.149 http://188.166.245.112 http://45.76.178.115 13cuero.com/wp-admin/ff5srrfTNsCju6sD3/ abinsk.com/cgi-bin/fm63rXkG5Y/ academicinst.com/wp-includes/44ZVeVQBkeOG/ agnesleung.com/raw.backup/j4ry/ agretto.com/Template/ziasuz5w8pS08Gm2/ ajaxmatters.com/c7g8t/kYHGlphIEPNOImddm1/ henrysfreshroast.com/0Rq5zobAZB/ lifebotl.com/Response/WllkQWM/ livejagat.com/h/SjpRvD/ /Response/WllkQWM/ /Template/ziasuz5w8pS08Gm2/ /c7g8t/kYHGlphIEPNOImddm1/ /cgi-bin/fm63rXkG5Y/ /h/SjpRvD/ /raw.backup/j4ry/ /sample_sticker/tihOPhaF1l0V/ /sipadu/eFi8UiJETZiK1FB/ /uploads/87DtpAEZULSccOn/ /wordpress_bo/srvoaI2MBFc/ /wp-admin/ff5srrfTNsCju6sD3/ /wp-includes/44ZVeVQBkeOG/ /0Rq5zobAZB/ /44ZVeVQBkeOG/ /87DtpAEZULSccOn/ /WllkQWM/ /eFi8UiJETZiK1FB/ /ff5srrfTNsCju6sD3/ /fm63rXkG5Y/ /h/SjpRvD/ /kYHGlphIEPNOImddm1/ /srvoaI2MBFc/ /tihOPhaF1l0V/ /ziasuz5w8pS08Gm2/ # Reference: https://www.virustotal.com/gui/file/009691eac43a379cfb16af76765628fa7b5edd661f15269473810499069e0703/detection agapewilderness.com/wordpress/cj5O/ ruskinc.com/7k2ql/zmIt/ /7k2ql/zmIt/ /wordpress/cj5O/ # Reference: https://twitter.com/0xhido/status/1506579383020310528 1.234.65.61:7080 119.59.125.140:8080 # Reference: https://tria.ge/220324-y4jmtadhh5 51.91.76.89:8080 70.36.102.35:443 92.240.254.110:8080 cornerstonecreativestudios.com/boards/ilsFKKHH7GaR/ csm101.com/transam/T7wblKicmeBabj2h/ dacentec2.layeredserver.com/speedtest/yjnnw/ datie-tw.com/test/yXPr0DO/ /boards/ilsFKKHH7GaR/ /transam/T7wblKicmeBabj2h/ /speedtest/yjnnw/ /test/yXPr0DO/ /ilsFKKHH7GaR/ /T7wblKicmeBabj2h/ /yXPr0DO/ # Reference: https://www.virustotal.com/gui/file/02078a3ed9664ff38d9f608449ad383be31431ac3c6116a437ff43c55c6d6999/detection 148.103.9.108:53 70.119.159.214:443 hopeintlschool.org/FQ9AFMoF8GZKwyVvg_GC/ /FQ9AFMoF8GZKwyVvg_GC/ # Reference: https://www.virustotal.com/gui/file/9b549e9ae691f8b583596b3a513ca77624517277b8ce18a5379e2a75604cd6aa/detection 138.197.109.175:8080 187.84.80.182:443 189.232.46.161:443 213.128.75.146:80 45.176.232.125:443 79.143.187.147:443 81.95.101.8:443 garantihaliyikama.com/wp-admin/FjgB6I/ /wp-admin/FjgB6I/ # Reference: https://twitter.com/abel1ma/status/1509657141409611778 103.132.242.26:8080 104.131.11.205:443 # Reference: https://www.virustotal.com/gui/file/edad1240602c1c0ea6e29f8b5848f75e5b5f9a7f252126a06a734542ca97e4aa/detection http://80.78.25.223 # Reference: https://twitter.com/netresec/status/1511267811825442822 # Reference: https://www.virustotal.com/gui/file/00af88203038a866f2314666e7d5133053d271922534cab85306c46d52a50f34/detection 142.93.76.76:7080 94.177.178.26:8080 # Reference: https://twitter.com/abel1ma/status/1511295201268355076 149.56.131.28:8080 185.4.135.165:8080 217.182.78.224:443 27.54.89.58:8080 # Reference: https://twitter.com/0xhido/status/1512012062603546626 etsversailles.net/webroot/ZEurBsC2H3soeiFbyeQ/ globoagronegocios.com.br/style/KEJQWXf2b9thskc5cV/ hr.devsrm.com/wp-content/Jk6gOcQOpRWGwL/ teamdriversonly.com/wp-admin/eF7AJ/ /style/KEJQWXf2b9thskc5cV/ /webroot/ZEurBsC2H3soeiFbyeQ/ /wp-content/Jk6gOcQOpRWGwL/ /wp-admin/eF7AJ/ /Jk6gOcQOpRWGwL/ /KEJQWXf2b9thskc5cV/ /ZEurBsC2H3soeiFbyeQ/ # Reference: https://twitter.com/Artilllerie/status/1516368959322349575 # Reference: https://0paste.com/367536 103.70.28.102:8080 104.168.154.79:8080 134.122.66.193:8080 134.195.212.50:7080 138.197.147.101:443 160.16.142.56:8080 167.172.253.162:8080 172.104.251.154:8080 183.111.227.137:8080 201.94.166.162:443 206.189.28.199:8080 45.235.8.30:8080 91.207.28.33:8080 94.23.45.86:4143 # Reference: https://twitter.com/phage_nz/status/1516967915165167616 # Reference: https://pastebin.com/raw/vFpr9mAa 138.201.142.73:8080 209.97.163.214:443 djunreal.co.uk/site/ApOKpFad/ fpd.cl/cgi-bin/N/ gandhitoday.org/video/6JvA8/ genccagdas.com.tr/assets/doWHIxLe7e/ grafischer.ch/fit-well/wDPTwKtZPoWL12/ johnsonsmedia.it/img/ZBNk0xpRL8YEVl/ /assets/doWHIxLe7e/ /fit-well/wDPTwKtZPoWL12/ /img/ZBNk0xpRL8YEVl/ /site/ApOKpFad/ /ApOKpFad/ /doWHIxLe7e/ /wDPTwKtZPoWL12/ /ZBNk0xpRL8YEVl/ # Reference: https://twitter.com/Cryptolaemus1/status/1517251752743301120 ciencias-exactas.com.ar/old/Bupubz1trh/ counteract.com.br/wp-admin/WWcACJFy3Yn/ creemo.pl/wp-admin/0uDUHJ4KVAw/ dancefox24.de/templates/owT/ focusmedica.in/fmlib/TYiQdcEj9FW0/ /old/Bupubz1trh/ /wp-admin/WWcACJFy3Yn/ /wp-admin/0uDUHJ4KVAw/ /templates/owT/ /fmlib/TYiQdcEj9FW0/ /0uDUHJ4KVAw/ /Bupubz1trh/ /TYiQdcEj9FW0/ /WWcACJFy3Yn/ # Reference: https://twitter.com/Cryptolaemus1/status/1517521562366185472 ecube.com.mx/e2oCWBnC/6wp2K4sfQmVIRy6ZvdiH/ edoraseguros.com.br/cgi-bin/l7ZERv5deNsfzlZUZ/ sanoma.allrent.nl/cgi-bin/KXbI5OhLJ/ /e2oCWBnC/6wp2K4sfQmVIRy6ZvdiH/ /cgi-bin/l7ZERv5deNsfzlZUZ/ /cgi-bin/KXbI5OhLJ/ /6wp2K4sfQmVIRy6ZvdiH/ /e2oCWBnC/ /KXbI5OhLJ/ /l7ZERv5deNsfzlZUZ/ # Reference: https://twitter.com/Cryptolaemus1/status/1517528579042512898 fpd.cl/cgi-bin/83E0xgTMc/ el-energiaki.gr/wp-content/plugins/really-simple-ssl/testssl/serverport443/WUV5PJA/ manchesterslt.co.uk/a-to-z-of-slt/Ntrci3Ry/ contactworks.nl/layouts/fFxKZabh/ baykusoglu.com.tr/wp-admin/Y3sRBcOfZ34wg2sO/ ceibadiseno.com.mx/brochure/kBuNjsECS9y2gRB6xaC/ /a-to-z-of-slt/Ntrci3Ry/ /brochure/kBuNjsECS9y2gRB6xaC/ /cgi-bin/83E0xgTMc/ /layouts/fFxKZabh/ /wp-admin/Y3sRBcOfZ34wg2sO/ /wp-content/plugins/really-simple-ssl/testssl/serverport443/WUV5PJA/ /83E0xgTMc/ /Ntrci3Ry/ /WUV5PJA/ /Y3sRBcOfZ34wg2sO/ /a-to-z-of-slt/ /fFxKZabh/ /kBuNjsECS9y2gRB6xaC/ # Reference: https://twitter.com/Cryptolaemus1/status/1517627882574848000 eznetb.synology.me bencevendeghaz.hu/wp-includes/90vlsYW5JIjZ/ dacentec2.layeredserver.com/speedtest/WdJzQRE9Ghvs/ darksword.nl/awstats/ZqVnU5ol/ ftp.ciplafe.com.br/ALT/3wdBYJepRV/ reneetten.nl/contact-formulier/tvzATnImFMNf20rc7/ vip-clinic.razrabotka.by/about_center/LMtBTcLH0pH1oPhi9/ /ALT/3wdBYJepRV/ /about_center/LMtBTcLH0pH1oPhi9/ /awstats/ZqVnU5ol/ /contact-formulier/tvzATnImFMNf20rc7/ /speedtest/WdJzQRE9Ghvs/ /wp-includes/90vlsYW5JIjZ/ /3wdBYJepRV/ /90vlsYW5JIjZ/ /LMtBTcLH0pH1oPhi9/ /WdJzQRE9Ghvs/ /ZqVnU5ol/ /tvzATnImFMNf20rc7/ # Reference: https://twitter.com/Cryptolaemus1/status/1518594806917697536 cipro.mx/prensa/siZP69rBFmibDvuTP1L/ colegiounamuno.es/cgi-bin/E/ creemo.pl/wp-admin/ZKS1DcdquUT4Bb8Kb/ demo34.ckg.hk/service/hhMZrfC7Mnm9JD/ filmmogzivota.rs/SpryAssets/gDR/ focusmedica.in/fmlib/IxBABMh0I2cLM3qq1GVv/ /SpryAssets/gDR/ /fmlib/IxBABMh0I2cLM3qq1GVv/ /prensa/siZP69rBFmibDvuTP1L/ /service/hhMZrfC7Mnm9JD/ /wp-admin/ZKS1DcdquUT4Bb8Kb/ /IxBABMh0I2cLM3qq1GVv/ /SpryAssets/ /ZKS1DcdquUT4Bb8Kb/ /hhMZrfC7Mnm9JD/ /siZP69rBFmibDvuTP1L/ # Reference: https://twitter.com/Cryptolaemus1/status/1518877445968908288 7gallery.com/bbeauty_download/HpOjrjExAb6PY/ clubmanager.net.ar/prueba/7llR9qWfQdqlnImliUE/ dwwmaster.com/wp-content/tfNs1crHYZd6F5/ e5web.com.br/wp-content/4TPDUppb/ farschid.de/verkaufsberater_service/uADJw/ kupondigital.stormapp.in/mido-nicu/9NSRCfZB/ /bbeauty_download/HpOjrjExAb6PY/ /mido-nicu/9NSRCfZB/ /prueba/7llR9qWfQdqlnImliUE/ /verkaufsberater_service/uADJw/ /wp-content/4TPDUppb/ /wp-content/tfNs1crHYZd6F5/ /4TPDUppb/ /7llR9qWfQdqlnImliUE/ /9NSRCfZB/ /HpOjrjExAb6PY/ /tfNs1crHYZd6F5/ # Reference: https://twitter.com/Cryptolaemus1/status/1518921572458786817 http://188.166.245.112 http://47.244.189.73 al-brik.com/vb/EBB7FuaWnJm/ bulldogironworksllc.com/temp/6UyNu8/ dnautik.com/wp-includes/vTARHRKHjRqkGKU/ mymicrogreen.mightcode.com/Fox-C/hlHV/ /--/er2yA5LkRcXrT0Q/ /Fox-C/hlHV/ /temp/6UyNu8/ /template/Ryk/ /vb/EBB7FuaWnJm/ /wp-includes/vTARHRKHjRqkGKU/ /6UyNu8/ /EBB7FuaWnJm/ /er2yA5LkRcXrT0Q/ /vTARHRKHjRqkGKU/ # Reference: https://twitter.com/Cryptolaemus1/status/1518973102515908613 http://51.222.72.237 vrstar-park.com/wp-includes/2UYhNgIaNeIBM/ dn000893.ferozo.com/agenda/ckU4orOn4/ dlqsclub.com/wp-content/uploads/4ImMYkgI44psweaKI/ towardsun.net/admin/n56wg9bSZPF/ crecercreando.com/tapas2/AWlo/ /admin/n56wg9bSZPF/ /agenda/ckU4orOn4/ /tapas2/AWlo/ /uploads/4ImMYkgI44psweaKI/ /wp-includes/2UYhNgIaNeIBM/ /wp-includes/2l92XulnC6aZzv0jNGN/ /2l92XulnC6aZzv0jNGN/ /2UYhNgIaNeIBM/ /4ImMYkgI44psweaKI/ /ckU4orOn4/ /n56wg9bSZPF/ # Reference: https://twitter.com/ScarletSharkSec/status/1517505050129616896 escueladecinemza.com.ar/_installation/IBlj/ /_installation/IBlj/ # Reference: https://twitter.com/Cryptolaemus1/status/1519038935980470272 anat-bar.co.il/wp-admin/D6Lis5CtrMdurM/ bencevendeghaz.hu/wp-includes/iUWvUNq/ brendancleary.net/images/oILEJxOb021OghGdxs/ edoraseguros.com.br/cgi-bin/mh3MMGKfhXtJ/ hmeng.co.uk/cgi-bin/H/ reneetten.nl/Menu/XNMhx6nSnnpp8aZzk/ /cgi-bin/mh3MMGKfhXtJ/ /images/oILEJxOb021OghGdxs/ /Menu/XNMhx6nSnnpp8aZzk/ /wp-admin/D6Lis5CtrMdurM/ /wp-includes/iUWvUNq/ /D6Lis5CtrMdurM/ /XNMhx6nSnnpp8aZzk/ /iUWvUNq/ /mh3MMGKfhXtJ/ /oILEJxOb021OghGdxs/ # Reference: https://twitter.com/Cryptolaemus1/status/1519073535955976192 agenciaml.com.br/cgi-bin/dgAqqwwIeejxNozI/ ceibadiseno.com.mx/brochure/5bH/ danialteb.com/wp-admin/2V8H/ demo.cansunoto.com/wp-admin/XyGLg1/ fpd.cl/cgi-bin/8Cwqi8/ /cgi-bin/8Cwqi8/ /cgi-bin/dgAqqwwIeejxNozI/ /uploads/g5QMC5XVlj/ /wp-admin/XyGLg1/ /dgAqqwwIeejxNozI/ /g5QMC5XVlj/ /XyGLg1/ # Reference: https://twitter.com/Cryptolaemus1/status/1519219898182148096 nenlineasv.com/encasa/qnKqfcj4q/ homeeflyer.com/7photo2/PiLGiTrLqCWuoRr6/ txpcrescue.com/cgi-bin/j6dLSsv1R82q7vAUYlC/ boxtelreport.com/biin/P0ra/ allamapianoawards.com/quisint/acTtbOgh/ /7photo2/PiLGiTrLqCWuoRr6/ /biin/P0ra/ /cgi-bin/j6dLSsv1R82q7vAUYlC/ /encasa/qnKqfcj4q/ /quisint/acTtbOgh/ /acTtbOgh/ /j6dLSsv1R82q7vAUYlC/ /PiLGiTrLqCWuoRr6/ /qnKqfcj4q/ # Reference: https://twitter.com/Cryptolaemus1/status/1519304698825953280 # Reference: https://twitter.com/Cryptolaemus1/status/1519240532366479360 damiris.ro/img/QJ1iNu9KooBeLTN08srJ/ garagewestrotterdam.nl/wp-includes/6BYbSEM/ geowf.ge/templates/TlbsO1F7p/ holidayonehotel.com/libraries/tVTlV5bTLT4dtj/ kustens.com/A-Kus/stoyH/ /A-Kus/stoyH/ /img/QJ1iNu9KooBeLTN08srJ/ /libraries/tVTlV5bTLT4dtj/ /templates/TlbsO1F7p/ /wp-includes/6BYbSEM/ /6BYbSEM/ /QJ1iNu9KooBeLTN08srJ/ /TlbsO1F7p/ /tVTlV5bTLT4dtj/ # Reference: https://twitter.com/Cryptolaemus1/status/1520060381342797824 # Reference: https://twitter.com/Cryptolaemus1/status/1520050490503221249 # Reference: https://twitter.com/Cryptolaemus1/status/1519990443395944449 # Reference: https://twitter.com/Cryptolaemus1/status/1519662866273497088 # Reference: https://twitter.com/Cryptolaemus1/status/1519662865195896832 # Reference: https://twitter.com/Max_Mal_/status/1519797858681208832 # Reference: https://twitter.com/Max_Mal_/status/1519599847174807553 77homolog.com.br/dev-jealves/GP55wbYNXnp6/ ciencias-exactas.com.ar/old/w/ clearconstruction.co.uk/scripts/Ev5IXoBvFJkBQ0MZXb/ clubmanager.net.ar/prueba/VNqsx368FHqKK/ ecoarch.com.tw/cgi-bin/E/ farschid.de/verkaufsberater_service/OZRw36a2y1CH2clUzY/ filmmogzivota.rs/SpryAssets/or24hhBl2Ib8704SDO/ galaxy-catering.com.vn/galxy/Fg1vvhlYJ/ geowf.ge/templates/pJRea3Iu3wG/ gerontogeriatria.org/tmp/cB6cgTVfyyZ3b1w9d/ gmhealthcare.dothome.co.kr/css/RT6FG9/ gnr.gtu.ge/admin/yKgYN2K0mYY/ graduate.cmru.ac.th/web53photo/anKeOTOIYXxzOtlIS9D/ granhoteldiligencias.com.mx/api/ga/ greezly.fr/wp-content/O8R1VyRi16XqKCgoeTK/ grupobatistella.com.br/wp-content/bV2JMWZz/ gummerup.dk/modlogan/DAbeNM/ hangaryapi.com.tr/wp-admin/5n42ncL3nWMbJHwy7/ hcsnet.com.br/wp-content/emmK/ heaventechnologies.com.pk/apitest/1r8uV/ hepsisifa.com/wp-admin/k/ hilse.me/wp-content/DTN/ hkwindsacademy.synology.me/â—ŽeaDir/qH2EHuvYVoJEJ2/ ho280319001.hogibo.net/include/tgQwxic4QwuM/ hoccu.vn/components/gMXyb7/ mymicrogreen.mightcode.com/Fox-C/nhMYwkFXB/ towardsun.net/admin/8NW2TJePs8dZhb/ /admin/8NW2TJePs8dZhb/ /admin/yKgYN2K0mYY/ /components/gMXyb7/ /dev-jealves/GP55wbYNXnp6/ /Fox-C/nhMYwkFXB/ /galxy/Fg1vvhlYJ/ /include/tgQwxic4QwuM/ /modlogan/DAbeNM/ /prueba/VNqsx368FHqKK/ /scripts/Ev5IXoBvFJkBQ0MZXb/ /SpryAssets/or24hhBl2Ib8704SDO/ /templates/pJRea3Iu3wG/ /tmp/cB6cgTVfyyZ3b1w9d/ /verkaufsberater_service/OZRw36a2y1CH2clUzY/ /web53photo/anKeOTOIYXxzOtlIS9D/ /wp-admin/5n42ncL3nWMbJHwy7/ /wp-content/bV2JMWZz/ /wp-content/O8R1VyRi16XqKCgoeTK/ /â—ŽeaDir/qH2EHuvYVoJEJ2/ /5n42ncL3nWMbJHwy7/ /8NW2TJePs8dZhb/ /anKeOTOIYXxzOtlIS9D/ /bV2JMWZz/ /cB6cgTVfyyZ3b1w9d/ /DAbeNM/ /Ev5IXoBvFJkBQ0MZXb/ /Fg1vvhlYJ/ /gMXyb7/ /GP55wbYNXnp6/ /nhMYwkFXB/ /O8R1VyRi16XqKCgoeTK/ /or24hhBl2Ib8704SDO/ /OZRw36a2y1CH2clUzY/ /pJRea3Iu3wG/ /qH2EHuvYVoJEJ2/ /tgQwxic4QwuM/ /VNqsx368FHqKK/ /yKgYN2K0mYY/ # Reference: https://twitter.com/Max_Mal_/status/1521250144297099265 hkwindsacademy.synology.me/@\eaDir/qH2EHuvYVoJEJ2/ /@\eaDir/qH2EHuvYVoJEJ2/ /@\eaDir/ /qH2EHuvYVoJEJ2/ # Reference: https://www.netskope.com/blog/emotet-new-delivery-mechanism-to-bypass-vba-protection # Reference: https://github.com/netskopeoss/NetskopeThreatLabsIOCs/tree/main/Emotet/IOCs/2022-05-06 # Reference: https://otx.alienvault.com/pulse/627a83c015db5d4d97dc6779 176.31.73.90:443 45.76.159.214:8080 77.81.247.144:8080 79.137.35.198:8080 # Reference: https://twitter.com/Cryptolaemus1/status/1524431683516125184 dulichdichvu.net/libraries/QhtrjCZymLp5EbqOdpKk/ easiercommunications.com/wp-content/w/ genccagdas.com.tr/assets/TTHOm833iNn3BxT/ goonboy.com/goonie/bSFz7Av/ heaventechnologies.com.pk/apitest/xdeAU0rx26LT9I/ whow.fr/wp-includes/H54Fgj0tG/ /apitest/xdeAU0rx26LT9I/ /assets/TTHOm833iNn3BxT/ /goonie/bSFz7Av/ /libraries/QhtrjCZymLp5EbqOdpKk/ /wp-includes/H54Fgj0tG/ /H54Fgj0tG/ /QhtrjCZymLp5EbqOdpKk/ /TTHOm833iNn3BxT/ /bSFz7Av/ /xdeAU0rx26LT9I/ # Reference: https://www.virustotal.com/gui/file/49fe6395e87da8ec4b62d99f57ad4d32c2b915fedd15927d217099144b84c5ba/detection hoccu.vn/components/gMXyb7/ gummerup.dk/modlogan/DAbeNM/ sunvn.net/x1OrRZcf/onIpchhYNy4wy9f4/ /components/gMXyb7/ /modlogan/DAbeNM/ /x1OrRZcf/onIpchhYNy4wy9f4/ /onIpchhYNy4wy9f4/ /x1OrRZcf/ # Reference: https://github.com/pr0xylife/Emotet/blob/main/e4_emotet_11.05.2022.txt 150.95.66.124:8080 63.142.250.212:443 # Reference: https://twitter.com/Cryptolaemus1/status/1524655241081200643 clasite.com/blogs/uaWi/ cmglogistics.com.vn/wp-admin/NJrRcKGdAjwfU/ cubicegg.asia/pKUVQsfSHB/bBq4ILmzfKIoAmwnLP/ ipasvisr.it/Backup_Infe/1X3YMGt/ ismarttechnologies.com/blogs/3futwjfvdLuL3YCI/ simadelicatessen.nl/cgi-bin/SRnme/ /Backup_Infe/1X3YMGt/ /blogs/3futwjfvdLuL3YCI/ /blogs/uaWi/ /cgi-bin/SRnme/ /pKUVQsfSHB/bBq4ILmzfKIoAmwnLP/ /wp-admin/NJrRcKGdAjwfU/ /1X3YMGt/ /3futwjfvdLuL3YCI/ /NJrRcKGdAjwfU/ /bBq4ILmzfKIoAmwnLP/ /pKUVQsfSHB/ # Reference: https://twitter.com/Cryptolaemus1/status/1524773982645354496 inelmsur.com.ec/wp-content/IMKHcKOac2PJTF/ japlatec.com/page/sAnfptTN0J4pw4S6B1Y/ jarce.cl/E-tisalat_Ebill-P/9R3WxKL/ jbhydroseed.com.au/cgi-bin/I0yR8Zp6sx64BOC/ jestteesn.com/YxmIz4SnR0E6dCiN/ChhitVVPogeiM/ jgmsmetr.com/application/R5iQ00PmNv2/ /E-tisalat_Ebill-P/9R3WxKL/ /YxmIz4SnR0E6dCiN/ChhitVVPogeiM/ /application/R5iQ00PmNv2/ /cgi-bin/I0yR8Zp6sx64BOC/ /page/sAnfptTN0J4pw4S6B1Y/ /wp-content/IMKHcKOac2PJTF/ /9R3WxKL/ /ChhitVVPogeiM/ /E-tisalat_Ebill-P/ /I0yR8Zp6sx64BOC/ /IMKHcKOac2PJTF/ /R5iQ00PmNv2/ /YxmIz4SnR0E6dCiN/ /sAnfptTN0J4pw4S6B1Y/ # Reference: https://twitter.com/Cryptolaemus1/status/1525015051630891008 bulldogironworksllc.com/temp/nX6/ datainline.com/aspnet_client/25T/ gnnmuebles.com/repellatdoloremque/XGc7rXmnrdSO/ i-dots.com/image/8C7AwiFZmI1p/ icscompany.com.mx/test/BoLUIEXHqbIK/ ikbenpink.be/cgi-bin/BqktrNSbby9ohP3rxVA/ ilriparatutto.eu/tmp/ri8HKij3z0YO1RKHzbc/ images.lolapix.com/fr/JPiKR1gFN6fIA4Zec/ imenikala.com/wp-admin/vyjYPEc/ ipcity.gr/system/Ztl5THkaQj/ seasidesolutions.com/cgi-bin/ZgCPcorl4dA2G/ /cgi-bin/BqktrNSbby9ohP3rxVA/ /cgi-bin/ZgCPcorl4dA2G/ /fr/JPiKR1gFN6fIA4Zec/ /image/8C7AwiFZmI1p/ /repellatdoloremque/XGc7rXmnrdSO/ /system/Ztl5THkaQj/ /test/BoLUIEXHqbIK/ /tmp/ri8HKij3z0YO1RKHzbc/ /wp-admin/vyjYPEc/ /8C7AwiFZmI1p/ /BoLUIEXHqbIK/ /BqktrNSbby9ohP3rxVA/ /JPiKR1gFN6fIA4Zec/ /XGc7rXmnrdSO/ /ZgCPcorl4dA2G/ /Ztl5THkaQj/ /repellatdoloremque/ /ri8HKij3z0YO1RKHzbc/ /vyjYPEc/ # Reference: https://twitter.com/Cryptolaemus1/status/1524854481451909120 ijsclub-de-volharding.nl/Contact/02tLuEpm/ invisible-hush.org/crichton/N/ irishcarsagadir.net/n3rz4Y9rscfwluelvDV/LqxCq/ itnbg.com/wp-includes/b4aZTW/ /Contact/02tLuEpm/ /n3rz4Y9rscfwluelvDV/LqxCq/ /wp-includes/b4aZTW/ /02tLuEpm/ /n3rz4Y9rscfwluelvDV/ # Reference: https://twitter.com/c3rb3ru5d3d53c/status/1525433866760204293 # Reference: https://twitter.com/c3rb3ru5d3d53c/status/1525434269606322182 # Reference: https://twitter.com/c3rb3ru5d3d53c/status/1525433917049905154 dl.choobingroup.ir/download/Y5gYlH5i6HQwmPktZgc/ hulbaek.com/yKaq/ jhocantemperos.com.br/wp-includes/NDL2YgHPT/ jimenanogueira.uy/wp-includes/ICV3/ /download/Y5gYlH5i6HQwmPktZgc/ /wp-includes/ICV3/ /wp-includes/NDL2YgHPT/ /NDL2YgHPT/ /Y5gYlH5i6HQwmPktZgc/ # Reference: https://gist.github.com/c3rb3ru5d3d53c/67389824a6f1abff32dedb3cc31a5e34 dl5.zahra-media.ir/dl5.zahra-media.ir/roYgjVHpS/ druck-grafik.at/images/fHb4XJM/ edoraseguros.com.br/cgi-bin/ySH8/ hotelmourya.com/aspnet_client/bYgwNXnkq/ isblokken.dk/timelog/V0LK/ jackholland.eu/flashshoot/A1sVGeUdOmXpPeof/ jimdurain.dk/page4/Z1WgiqhBHkq69IULjWSl/ reneetten.nl/Menu/RBjbO/ /images/fHb4XJM/ /cgi-bin/ySH8/ /aspnet_client/bYgwNXnkq/ /timelog/V0LK/ /flashshoot/A1sVGeUdOmXpPeof/ /page4/Z1WgiqhBHkq69IULjWSl/ /Menu/RBjbO/ /A1sVGeUdOmXpPeof/ /bYgwNXnkq/ /fHb4XJM/ /roYgjVHpS/ /Z1WgiqhBHkq69IULjWSl/ # Reference: https://twitter.com/Cryptolaemus1/status/1525072757020852224 hostal-alfonso12.com/clases/SKtPvv/ howesitgoing.com/images/HyaDnlbl6K7tbh2Lugys/ iciee.untirta.ac.id/test/GccRw/ ideoso.com.tw/cgi-bin/zLrnBd2Eg1N3UVy5yL/ inteirado.com.br/fonts/7dJCVvuE5x3YrGQs2oJz/ jdserralheria.com.br/cgi-bin/KFG6/ /clases/SKtPvv/ /cgi-bin/KFG6/ /cgi-bin/zLrnBd2Eg1N3UVy5yL/ /fonts/7dJCVvuE5x3YrGQs2oJz/ /images/HyaDnlbl6K7tbh2Lugys/ /test/GccRw/ /7dJCVvuE5x3YrGQs2oJz/ /HyaDnlbl6K7tbh2Lugys/ /zLrnBd2Eg1N3UVy5yL/ # Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-05-13%20Emotet%20(E4)%20IOCs 102.222.215.74:443 163.44.196.120:8080 23.239.0.12:443 213.241.20.155:443 flash-inc.com/group/igirl/css/QqoV/ ipabogados.cl/js/hhHW8ClD2j7sYcSkNu/ ikatemia.untirta.ac.id/assets/VT/ wifi.hotspot.mg/js/xe70zw8/ hospitaldesitges.cat/OLD_BORRAR/ceCC6SPMue/ janla.dk/Index_htm_files/Hl/ /js/hhHW8ClD2j7sYcSkNu/ /OLD_BORRAR/ceCC6SPMue/ /ceCC6SPMue/ /hhHW8ClD2j7sYcSkNu/ # Reference: https://twitter.com/Cryptolaemus1/status/1526135364838051840 cesasin.com.ar/administrator/PFKcheVl8lsK0NW1y4vZ/ dl.choobingroup.ir/download/I7FnbzONJuj/ dl5.zahra-media.ir/dl5.zahra-media.ir/vJd6L/ flash-inc.com/group/igirl/css/MhzfDBJ0/ ict-qs.nl/tmp/dGh3RsLufJ4bF7hIR6RO/ identidadenaweb.com.br/cgi-bin/WhUzWbySU6HVi3/ /administrator/PFKcheVl8lsK0NW1y4vZ/ /cgi-bin/WhUzWbySU6HVi3/ /css/MhzfDBJ0/ /download/I7FnbzONJuj/ /tmp/dGh3RsLufJ4bF7hIR6RO/ /I7FnbzONJuj/ /MhzfDBJ0/ /PFKcheVl8lsK0NW1y4vZ/ /WhUzWbySU6HVi3/ /dGh3RsLufJ4bF7hIR6RO/ # Reference: https://twitter.com/Cryptolaemus1/status/1526133950447763456 3dstudioa.com.br/cgi-bin/yWpon1Nd03l/ anat-bar.co.il/wp-admin/kZarrjJN148onRnRi/ bencevendeghaz.hu/wp-includes/cLrqBIwf8C/ claudioavelar.adv.br/Revista/JljahSR26i5k/ hullsite.com/0a61/nm6lxocqt/ ppiabanyuwangi.or.id/wp-admin/3Se7giNXt7ZCHG/ /0a61/nm6lxocqt/ /Revista/JljahSR26i5k/ /cgi-bin/yWpon1Nd03l/ /wp-admin/3Se7giNXt7ZCHG/ /wp-admin/kZarrjJN148onRnRi/ /wp-includes/cLrqBIwf8C/ /3Se7giNXt7ZCHG/ /JljahSR26i5k/ /cLrqBIwf8C/ /kZarrjJN148onRnRi/ /nm6lxocqt/ /yWpon1Nd03l/ # Reference: https://github.com/pr0xylife/Emotet/blob/main/e4_emotet_18.05.2022.txt # Reference: https://github.com/pr0xylife/Emotet/blob/main/e5_emotet_18.05.2022.txt 103.43.75.120:443 103.56.149.105:8080 103.8.26.17:8080 103.85.95.4:8080 104.248.225.227:8080 110.235.83.107:7080 113.59.252.140:36286 116.64.52.198:22668 134.122.119.23:8080 152.136.229.39:8080 159.65.140.115:443 172.105.70.96:443 173.239.37.178:8080 175.126.176.79:8080 178.62.112.199:8080 18.191.122.164:4987 188.225.32.231:4143 188.44.20.25:443 26.19.105.199:26580 27.55.166.48:19567 31.238.181.227:13139 32.53.89.86:40407 51.68.141.164:8080 55.74.152.152:37910 61.87.190.176:45536 68.183.91.111:8080 70.11.238.157:53347 73.238.38.64:44958 89.29.244.7:443 97.67.147.111:40652 borgelin.org/belzebub/okwRWz1C/ bosny.com/aspnet_client/rnMp0ofR/ ceibadiseno.com.mx/brochure/abrtvpK/ easiercommunications.com/wp-content/09i4dfKbpiuj8k/ goodfriendsdriving.com/createschedule/F0jGvgTiFAMRh2Tr8HL/ jonhrach.com/V2/5pisNbarrVm/ joyaargent.cl/assets/AUgGyJgrA7GGKroQQp/ judy.gotchahosting.com/wp-admin/hMZt/ juicedmarketing.co.uk/wp-includes/j1anUZz/ justplay.asia/google/2LE/ keltonconstruction.com/_vti_bin/DFNorq/ loa-hk.com/wp-content/ffBag/ lopespublicidade.com/cgi-bin/e5R5oG4iEaQnxQrZDh/ medreg.uz/Docs/1kj8refeLdotQee2f/ mistchem.com/wp-admin/qcgRq15U9PNBc4z/ msndesign.nl/libraries/c8NvFU14/ musculation-esisa.fr/css/iU2SYlfYxsk/ muslimproperty.co.uk/cgi-in/8lS/ oftalmocity.com/wp-admin/xDjDiXhcS/ omarhospital.com/wp-content/Ved4BBJms7gwl2/ oreidogoogle.com.br/erros/3KUm45ZCCW0T1V/ perlasmarinhas.com.br/wp-includes/ywMovPUTPlTzd6c/ praachichemfood.com/wp-content/Mwmos/ puntamimarlik.com.tr/wp-admin/9IW7L1gKwWOoNQREJ6/ seasidesolutions.com/cgi-bin/WLoO6sEzYCJ3LTlC/ thepublicelection.com/wp-includes/0AEt8wRWroIJmVgEjZC/ wanderlustphtravel.com/cgi-bin/QphfoQq4t/ yamada-shoshi.main.jp/yamada-shoshi/lg1/ /_vti_bin/DFNorq/ /aspnet_client/rnMp0ofR/ /assets/AUgGyJgrA7GGKroQQp/ /belzebub/okwRWz1C/ /brochure/abrtvpK/ /cgi-bin/e5R5oG4iEaQnxQrZDh/ /cgi-bin/QphfoQq4t/ /cgi-bin/WLoO6sEzYCJ3LTlC/ /createschedule/F0jGvgTiFAMRh2Tr8HL/ /css/iU2SYlfYxsk/ /Docs/1kj8refeLdotQee2f/ /erros/3KUm45ZCCW0T1V/ /libraries/c8NvFU14/ /V2/5pisNbarrVm/ /wp-admin/9IW7L1gKwWOoNQREJ6/ /wp-admin/hMZt/ /wp-admin/qcgRq15U9PNBc4z/ /wp-admin/xDjDiXhcS/ /wp-content/09i4dfKbpiuj8k/ /wp-content/ffBag/ /wp-content/Mwmos/ /wp-content/Ved4BBJms7gwl2/ /wp-includes/0AEt8wRWroIJmVgEjZC/ /wp-includes/j1anUZz/ /wp-includes/ywMovPUTPlTzd6c/ /09i4dfKbpiuj8k/ /0AEt8wRWroIJmVgEjZC/ /1kj8refeLdotQee2f/ /3KUm45ZCCW0T1V/ /5pisNbarrVm/ /9IW7L1gKwWOoNQREJ6/ /AUgGyJgrA7GGKroQQp/ /c8NvFU14/ /e5R5oG4iEaQnxQrZDh/ /F0jGvgTiFAMRh2Tr8HL/ /iU2SYlfYxsk/ /j1anUZz/ /okwRWz1C/ /qcgRq15U9PNBc4z/ /QphfoQq4t/ /rnMp0ofR/ /Ved4BBJms7gwl2/ /WLoO6sEzYCJ3LTlC/ /xDjDiXhcS/ /ywMovPUTPlTzd6c/ # Reference: https://twitter.com/Cryptolaemus1/status/1526455588342812672 elamurray.com/cgi-bin/sPgG8g/ mgmeurope.sk/dwl/rrqU9XYAzgAVneYOhI/ microlent.com/admin/GgoC/ mississaugataxi.com/wp-admin/KVoCiQwgjrtavei4x/ mivaria.com/owl-carousel/E6pKFPlGuUW3/ mobilhondabandung.net/ssti/yYrvmJgjpFHHe/ mosbiresources.com/cgi-bin/bTupw38RZHxXK2Web41/ moynan.com/sexmatters.eu/mQbtYGG/ mpmhino.com/modules/zDg2I50UVSjom72Yru5v/ /admin/GgoC/ /cgi-bin/bTupw38RZHxXK2Web41/ /cgi-bin/sPgG8g/ /dwl/rrqU9XYAzgAVneYOhI/ /modules/zDg2I50UVSjom72Yru5v/ /owl-carousel/E6pKFPlGuUW3/ /sexmatters.eu/mQbtYGG/ /ssti/yYrvmJgjpFHHe/ /wp-admin/KVoCiQwgjrtavei4x/ /bTupw38RZHxXK2Web41/ /E6pKFPlGuUW3/ /KVoCiQwgjrtavei4x/ /mQbtYGG/ /rrqU9XYAzgAVneYOhI/ /yYrvmJgjpFHHe/ /zDg2I50UVSjom72Yru5v/ # Reference: https://www.virustotal.com/gui/file/0f3edf4e46a263ca74e1089aaebc8b85db3e80677f8f4606e5f9a09fecec3903/detection bluetoothheadsetreview.xyz mammy-chiro.com/case/ZTkBzbz/ /case/ZTkBzbz/ /wp-includes/xmdHAGgfki/ /xmdHAGgfki/ /ZTkBzbz/ # Reference: https://unit42.paloaltonetworks.com/emotet-malware-summary-epoch-4-5/ # Reference: https://otx.alienvault.com/pulse/6284c3084688a98441397da3 topline36.xyz goodmarketinggroup.com/newish/562_9559085/ hispanicaidgroup.org/ufay0vq/keWIgzwT/ /css/BB9Ajvjs89U9O/ /ufay0vq/keWIgzwT/ /BB9Ajvjs89U9O/ /keWIgzwT/ /ufay0vq/ # Reference: https://twitter.com/Cryptolaemus1/status/1527225384361762816 noelworks.com/band/44/ omega-analytics.com/cgi-bin/nl1aa7GD26OR9/ ordinarymagazine.org/_notes/oMhfAAWIBLrCza/ oshop.es/test/yLT3Xjra352ky/ /_notes/oMhfAAWIBLrCza/ /cgi-bin/nl1aa7GD26OR9/ /test/yLT3Xjra352ky/ /nl1aa7GD26OR9/ /oMhfAAWIBLrCza/ /yLT3Xjra352ky/ # Reference: https://tria.ge/220519-hj3l7afaaq/behavioral2 # Reference: https://www.virustotal.com/gui/file/0ae4570663eb17709b75e8dc94b62b376ad0212f969d678aadc8390977c601ca/detection olgaperezporro.com/js/6vnOMgxQdjedBh/ olgaperezporro.com /js/6vnOMgxQdjedBh/ /6vnOMgxQdjedBh/ # Reference: https://twitter.com/Cryptolaemus1/status/1527363924693499904 megakonferans.com/wp-admin/Xzz08i514NBrg/ myqservice.com.ar/wp-includes/UamQky9H9rSyN7CWdue/ nerz.net/stats/TXGRpKb/ noronhalanches.com.br/cgi-bin/xixssuML9NOJO9/ /cgi-bin/xixssuML9NOJO9/ /stats/TXGRpKb/ /wp-admin/Xzz08i514NBrg/ /wp-includes/UamQky9H9rSyN7CWdue/ /TXGRpKb/ /UamQky9H9rSyN7CWdue/ /xixssuML9NOJO9/ /Xzz08i514NBrg/ # Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-05-19%20Emotet%20(E4)%20IOCs gelish.com/email-hog/YXaPiWbFMKT/ nandonikwebdesign.com/OWs/ nutensport-wezep.nl/wp-includes/QyezZmBmTL8AulMVv0oh/ omeryener.com.tr/wp-admin/oakwcoWufii0JR89G/ /email-hog/YXaPiWbFMKT/ /wp-admin/oakwcoWufii0JR89G/ /wp-includes/QyezZmBmTL8AulMVv0oh/ /oakwcoWufii0JR89G/ /QyezZmBmTL8AulMVv0oh/ /YXaPiWbFMKT/ # Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-05-19%20Emotet%20(E4)%20Rd2%20IOCs napolilovemark.com/Re9e27V3Kd/PQFv/ natdemo.natrixsoftware.com/wp-admin/B1bA/ norbealun.id.au/images/ZL8/ nordicbysight.se/wp-admin/kdFrWJ4/ octante.net/academia/At2FfFcDfkI/ p236119.webspaceconfig.de/wordpress/7/ /academia/At2FfFcDfkI/ /Re9e27V3Kd/PQFv/ /wp-admin/B1bA/ /wp-admin/kdFrWJ4/ /Re9e27V3Kd/ /kdFrWJ4/ /At2FfFcDfkI/ # Reference: https://twitter.com/Cryptolaemus1/status/1527546646816772096 kolejleri.com/wp-admin/REvup/ milanstaffing.com/images/D4TRnDubF/ learnviaonline.com/wp-admin/qGb/ stainedglassexpress.com/classes/05SkiiW9y4DDGvb6/ /classes/05SkiiW9y4DDGvb6/ /images/D4TRnDubF/ /wp-admin/qGb/ /wp-admin/REvup/ /05SkiiW9y4DDGvb6/ /D4TRnDubF/ # Reference: https://twitter.com/Cryptolaemus1/status/1527566492354588674 elamurray.com/athletics-carnival-2018/3UTZYr9D9f/ jr-software-web.net/aaabackupsqldb/11hYk3bHJ/ masyuk.com/581voyze/MlX/ melisetotoaksesuar.com/catalog/controller/account/dqfKI/ /athletics-carnival-2018/3UTZYr9D9f/ /aaabackupsqldb/11hYk3bHJ/ /581voyze/MlX/ /catalog/controller/account/dqfKI/ /11hYk3bHJ/ /3UTZYr9D9f/ /581voyze/ /aaabackupsqldb/ # Reference: https://twitter.com/Cryptolaemus1/status/1527577171459702792 bpsjambi.id/about/VPe69A9Tk/ mandom.co.id/assets/TpIIt7SmNBsWCECLoHrS/ marmaris.com.br/wp-admin/2cfpSuAH/ masidiomas.com/D4WStats/GAhmgvhLgUn6/ pacemaker.cd/images/Xc/ yamada-shoshi.main.jp/yamada-shoshi/V61hH/ /about/VPe69A9Tk/ /assets/TpIIt7SmNBsWCECLoHrS/ /D4WStats/GAhmgvhLgUn6/ /yamada-shoshi/V61hH/ /wp-admin/2cfpSuAH/ /2cfpSuAH/ /D4WStats/ /GAhmgvhLgUn6/ /TpIIt7SmNBsWCECLoHrS/ /VPe69A9Tk/ # Reference: https://twitter.com/Cryptolaemus1/status/1527679486468104193 airliftlimo.com/wp-admin/iMc/ kabeonet.pl/wp-admin/VWlAz5vWJNHDb/ salledemode.com/tgroup.ge/x4bc2kL4BzGAeUsVi/ vipteck.com/wp-admin/user/B8d6jr4pBND2HExAmI/lJWa95VlQ/ /B8d6jr4pBND2HExAmI/lJWa95VlQ/ /tgroup.ge/x4bc2kL4BzGAeUsVi/ /wp-admin/VWlAz5vWJNHDb/ /B8d6jr4pBND2HExAmI/ /lJWa95VlQ/ /VWlAz5vWJNHDb/ /x4bc2kL4BzGAeUsVi/ # Reference: https://twitter.com/Cryptolaemus1/status/1527749740930076672 bencevendeghaz.hu/wp-includes/tXQBsglNOIsunk/ berekethaber.com/hatax/fovLaro/ bosny.com/aspnet_client/ErI5F74cwiiOywe/ cesasin.com.ar/administrator/HC46kHDUSYN305GglCP/ /administrator/HC46kHDUSYN305GglCP/ /aspnet_client/ErI5F74cwiiOywe/ /wp-includes/tXQBsglNOIsunk/ /ErI5F74cwiiOywe/ /HC46kHDUSYN305GglCP/ /tXQBsglNOIsunk/ # Reference: https://twitter.com/Cryptolaemus1/status/1528022730083160064 gumi-repair.iptime.org/wordpress/qrkL1zS36aRe6yk/ karimexpress.ma/cronHelper/Pwbq/ kingkongpizza.ru/fonts/sFUY3/ kingmode.ir/wp-admin/VKuUS10kNpfiLRwQEXN/ kwinglobal.dothome.co.kr/inc/TbUvEBJ/ /cronHelper/Pwbq/ /fonts/sFUY3/ /inc/TbUvEBJ/ /wordpress/qrkL1zS36aRe6yk/ /wp-admin/VKuUS10kNpfiLRwQEXN/ /qrkL1zS36aRe6yk/ /VKuUS10kNpfiLRwQEXN/ # Reference: https://www.virustotal.com/gui/file/02860eb954c1d4934cb9e06fd9d00c247eee4b9fefa39a39d8cfb5fe0fabf2bc/detection 128.199.93.156:443 160.16.143.191:7080 165.22.73.229:8080 clasite.com/blogs/IEEsyn/ opencart-destek.com/catalog/OqHwQ8xlWa5Goyo/ pjesacac.com/components/O93XXhMN3tOtTlV/ /catalog/OqHwQ8xlWa5Goyo/ /components/O93XXhMN3tOtTlV/ /O93XXhMN3tOtTlV/ /OqHwQ8xlWa5Goyo/ # Reference: https://twitter.com/Cryptolaemus1/status/1526458556156760064 lakor.ch/lakor/u41taimP/ metalgas.com.ar/wp-includes/2Ecobg/ /lakor/u41taimP/ /wp-includes/2Ecobg/ # Reference: https://twitter.com/Max_Mal_/status/1526488126461513729 75155dae0c8c8496.main.jp/js/ajB3sTqbQfUWSTM/ adepgroup.com/oldSite201903/lJtl6QtLrAYQn1Err0gE/ alsafwa.com.ly/webcal/4l6nq6EvCUxm/ cnjskconstruction.com/blogs/Lx2/ getlivetext.com/alanvgo/J4TI/ mohammadyarico.com/English/dfKNLblF/ /alanvgo/J4TI/ /English/dfKNLblF/ /js/ajB3sTqbQfUWSTM/ /oldSite201903/lJtl6QtLrAYQn1Err0gE/ /webcal/4l6nq6EvCUxm/ /ajB3sTqbQfUWSTM/ /4l6nq6EvCUxm/ /dfKNLblF/ /lJtl6QtLrAYQn1Err0gE/ # Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-05-17%20Emotet%20(E4)%20IOCs koichiro-kimura.com/PORK/tE39FQ4Qdff6plYV/ /PORK/tE39FQ4Qdff6plYV/ /tE39FQ4Qdff6plYV/ # Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-05-16%20Emotet%20(E5)%20IOCs anguianoss.com/wp-admin/bLMH9Q3bG/ berekethaber.com/hatax/JfjLv/ bosny.com/aspnet_client/kWXKDqsBEiPvG/ bpsjambi.id/about/yJ6C01yO1uRd/ ismarttechnologies.com/blogs/LjCTItLtHGBM4S3/ salledemode.com/tgroup.ge/kI1nxjDArzglOLCZk5/ /about/yJ6C01yO1uRd/ /aspnet_client/kWXKDqsBEiPvG/ /blogs/LjCTItLtHGBM4S3/ /hatax/JfjLv/ /tgroup.ge/kI1nxjDArzglOLCZk5/ /wp-admin/bLMH9Q3bG/ /bLMH9Q3bG/ /kI1nxjDArzglOLCZk5/ /kWXKDqsBEiPvG/ /LjCTItLtHGBM4S3/ /yJ6C01yO1uRd/ # Reference: https://twitter.com/Cryptolaemus1/status/1528815945657253888 kronostr.com/tr/Oa97cQB4l4Clf9/ moaprints.com/Prma3HlbvaG/ mohammadyarico.com/English/oYJF64dcGKWp7dGrP/ /Oa97cQB4l4Clf9/ /oYJF64dcGKWp7dGrP/ /Prma3HlbvaG/ # Reference: https://twitter.com/Cryptolaemus1/status/1528735543126654976 # Reference: https://twitter.com/Cryptolaemus1/status/1528710039405441024 airliftlimo.com/wp-admin/wzZ3RIsItxZsu77MFxs/ avenuebrasil.com/_img/5KAqQ/ demo-re-usables.inertiasoft.net/cgi-bin/AR4nYNd9xpn/ justplay.asia/google/oCbyPwB8B/ microlent.com/admin/kM442bdMLLMQ1qJe5/ neoexc.com/cgi-bin/srN0xYgm/ ong-hananel.org/PAQUES/bPiA2l6foj7kjN/ sieuthiphutungxenang.com/old_source/9boJQZpTSdQE/ /_img/5KAqQ/ /admin/kM442bdMLLMQ1qJe5/ /cgi-bin/AR4nYNd9xpn/ /cgi-bin/srN0xYgm/ /google/oCbyPwB8B/ /old_source/9boJQZpTSdQE/ /PAQUES/bPiA2l6foj7kjN/ /wp-admin/wzZ3RIsItxZsu77MFxs/ /9boJQZpTSdQE/ /AR4nYNd9xpn/ /bPiA2l6foj7kjN/ /kM442bdMLLMQ1qJe5/ /oCbyPwB8B/ /srN0xYgm/ /wzZ3RIsItxZsu77MFxs/ # Reference: https://twitter.com/Cryptolaemus1/status/1528994310364221440 berekethaber.com/hatax/c7crGdejW4380ORuxqR/ bosny.com/aspnet_client/NGTx1FUzq/ bulldogironworksllc.com/temp/BBh5HHpei/ /aspnet_client/NGTx1FUzq/ /hatax/c7crGdejW4380ORuxqR/ /temp/BBh5HHpei/ /BBh5HHpei/ /c7crGdejW4380ORuxqR/ /NGTx1FUzq/ # Reference: https://tria.ge/220524-hs1tysbagq/behavioral1 myphamcuatui.com/assets/OPVeVSpO/ newkano.com/wp-admin/66rIsrVwoPKUsjcAs/ ocalogullari.com/inc/Wcm82enrs8/ sieuthiphutungxenang.com/old_source/9boJQZpTSdQE/ /assets/OPVeVSpO/ /inc/Wcm82enrs8/ /old_source/9boJQZpTSdQE/ /wp-admin/66rIsrVwoPKUsjcAs/ /66rIsrVwoPKUsjcAs/ /9boJQZpTSdQE/ /OPVeVSpO/ /Wcm82enrs8/ # Reference: https://twitter.com/Cryptolaemus1/status/1529373064193929216 masidiomas.com/D4WStats/3aDOo2vU/ moorworld.com/aspnet_client/hSJPPgjn1x4d5rHCpxp/ viphawan.com/2016/o9C3UhJVc0x1ml/ virajindustriesinc.com/fonts/OxcnRyYlItMhvrsn0/ vltava-design.com/1koma/43BTOpWDbTZC1CpwolK/ /1koma/43BTOpWDbTZC1CpwolK/ /2016/o9C3UhJVc0x1ml/ /D4WStats/3aDOo2vU/ /aspnet_client/hSJPPgjn1x4d5rHCpxp/ /fonts/OxcnRyYlItMhvrsn0/ /3aDOo2vU/ /43BTOpWDbTZC1CpwolK/ /OxcnRyYlItMhvrsn0/ /hSJPPgjn1x4d5rHCpxp/ /o9C3UhJVc0x1ml/ # Reference: https://github.com/CronUp/Malware-IOCs/blob/main/2022-05-25_Emotet_DownloadURLs http://192.99.237.111 http://46.4.78.202 http://51.222.72.232 7eminotopark.com/cgi-bin/y2obW1nmOgHOr4A7kw95JKRYZxAy4/ agenciaml.com.br/cgi-bin/dgAqqwwIeejxNozI/ airliftlimo.com/wp-admin/wzZ3RIsItxZsu77MFxs/ almoeqatar.com/cgi-bin/qoOYPhlkRGnBClmNu5I/ andrewpharma.com/wp-includes/JSDlHbnRdWAMrLKFQ/ angel.bk.idv.tw/web_images/rHDPqCa8BGFXnnwHjJl/ anguianoss.com/wp-admin/bLMH9Q3bG/ ara-choob.com/data1/Fgv77t71DAPm09UU/ ara-choob.com/data1/Tzm3xsCsT4DScdUFOx/ baudesign.ge/assets/1BAEFmOYqIf7HLg/ benconry.com/wp-includes/a/ benconry.com/wp-includes/hiCmBIU45rnQjc/ berekethaber.com/hatax/c7crGdejW4380ORuxqR/ berekethaber.com/hatax/fovLaro/ berekethaber.com/hatax/JfjLv/ bethelmbcarvada.org/EZTracker_Errors/9Pbi1J2/ bosny.com/aspnet_client/ErI5F74cwiiOywe/ bosny.com/aspnet_client/kWXKDqsBEiPvG/ bosny.com/aspnet_client/NGTx1FUzq/ bosny.com/aspnet_client/rnMp0ofR/ bosny.com/aspnet_client/UZlstV/ bosny.com/aspnet_client/WP0CVU9BtPZ6IRoO9ZlRMw/ boxtelreport.com/biin/P0ra/ bpsjambi.id/about/Kj/ bpsjambi.id/about/phOuINN3n376Cv1Fsa37/ bpsjambi.id/about/VPe69A9Tk/ bpsjambi.id/about/yJ6C01yO1uRd/ britainsolicitors.com/wp-admin/2ysGFKDbYP5sJB0Xg/ buffetmazzi.com.br/ckfinder/62TTrs2MEXQ2mmRB22/ bulldogironworksllc.com/temp/BBh5HHpei/ bulldogironworksllc.com/temp/IVHD00GG/ ceibadiseno.com.mx/brochure/2vw/ ceibadiseno.com.mx/brochure/5bH/ ceibadiseno.com.mx/brochure/abrtvpK/ ceibadiseno.com.mx/brochure/hnZjHGo1EYITQZ/ ceibadiseno.com.mx/brochure/kBuNjsECS9y2gRB6xaC/ chemsky.tn/64prPlDhbugztyb2Zl/xjvFXPUX7XeoPWTqSQ2/ clasite.com/blogs/IEEsyn/ clasite.com/blogs/ImchViGgNmO/ clasite.com/blogs/uaWi/ clasite.com/blogs/UCm4mbyEhvMgiqOjPw/ claudioavelar.adv.br/Revista/HgrQSZcBtk/ claudioavelar.adv.br/Revista/JljahSR26i5k/ claudioavelar.adv.br/Revista/kkLJV6YZI6I/ claudioavelar.adv.br/Revista/z9VYb5pwXheINT/ claudioavelar.adv.br/Revista/zG4DRI/ colegiounamuno.es/cgi-bin/E/ commune-ariana.tn/sites/3BvaCmo/ congtycamvinh.com/plugins/jG3iqpQaTL1TXYMolH congtycamvinh.com/plugins/jG3iqpQaTL1TXYMolH/ construlandia.com/templates/2saGKy0qR5LA8uM/ construlandia.com/templates/7F108jCmRMHLOk/ construlandia.com/templates/BrRf8QDloUqNyTAdXE/ construlandia.com/templates/bzYj/ construlandia.com/templates/IwJiHDBEAdwATHwfgY7/ construlandia.com/templates/mbRFivc7CQ9ZyRXiDI7iNy/ construlandia.com/templates/PmXH0h62RnWUjxY2bWN/ construlandia.com/templates/RnotTx3uT1qVusIFTl2/ crecercreando.com/tapas2/AWlo/ crecercreando.com/tapas2/isD/ cubicegg.asia/pKUVQsfSHB/bBq4ILmzfKIoAmwnLP/ cubicegg.asia/pKUVQsfSHB/cfF/ danialteb.com/wp-admin/2V8H/ danoblab.com/wordpress_4/kSNthhP5C9KswzAC9cBMmku/ danoblab.com/wordpress_4/zxPS1i6oWXBbeK/ datainline.com/aspnet_client/25T/ datainline.com/aspnet_client/56LwAJvy/ datainline.com/aspnet_client/TpbeXlnwwTB/ davidludlow.com/KYM/UYruujsiC2YXaBBSSl7/ decorusfinancial.com/wp-content/7dODakeZZ83fJi/ demo-re-usables.inertiasoft.net/cgi-bin/AR4nYNd9xpn/ demo-re-usables.inertiasoft.net/cgi-bin/z1CD/ demo.cansunoto.com/wp-admin/XyGLg1/ demo.cansunoto.com/wp-admin/Y22GqmMm/ dh.net.br/catalogo1/OAIrGjd1Or4QEWEuaxHbkIOPcqdK/ dijicom.net/error/HG1y7EgWrBA8fDYUIceqaL2pUqcj/ dl5.zahra-media.ir/dl5.zahra-media.ir/1XOgZSSlKVJ6/ dl5.zahra-media.ir/dl5.zahra-media.ir/9vvHAXe5/ dl5.zahra-media.ir/dl5.zahra-media.ir/aFtWkmsrOuZ6uWk1/ dl5.zahra-media.ir/dl5.zahra-media.ir/eDSfvIcQEGIKGsiK/ dl5.zahra-media.ir/dl5.zahra-media.ir/Iye11aStLm1/ dl5.zahra-media.ir/dl5.zahra-media.ir/k4eMbtkYkWcIMeA/ dl5.zahra-media.ir/dl5.zahra-media.ir/l34jaFq0PIh3/ dl5.zahra-media.ir/dl5.zahra-media.ir/llDJKV/ dl5.zahra-media.ir/dl5.zahra-media.ir/NDPruKKpO/ dl5.zahra-media.ir/dl5.zahra-media.ir/qm4lrFF/ dl5.zahra-media.ir/dl5.zahra-media.ir/roYgjVHpS/ dl5.zahra-media.ir/dl5.zahra-media.ir/S6UqYij8pBV1vK/ dl5.zahra-media.ir/dl5.zahra-media.ir/vJd6L/ dl5.zahra-media.ir/dl5.zahra-media.ir/YVnV/ dl5.zahra-media.ir/dl5.zahra-media.ir/ZC59RU5VC01n/ dlqsclub.com/wp-content/uploads/4ImMYkgI44psweaKI/ dmcontabilidade.com/correspondentecaixa/TrS/ dominiki.pl/forum/akfa6L4b/ drcno.sk/_sub/Q4UgYNLmsaosQ2/ dulichdichvu.net/libraries/6vhzwoZoNDSMtSC/ dulichdichvu.net/libraries/QhtrjCZymLp5EbqOdpKk/ dulichdichvu.net/libraries/vNjJU0JOEiZVljVrZavkePpju/ dwwmaster.com/wp-content/tfNs1crHYZd6F5/ e5web.com.br/wp-content/4TPDUppb/ easiercommunications.com/wp-content/09i4dfKbpiuj8k/ easiercommunications.com/wp-content/cx7EFvxoK3mdBHX4MRXQKcBDiU/ easiercommunications.com/wp-content/w/ easiercommunications.com/wp-content/yqNxi8IKbRIt7akB/ ecoarch.com.tw/cgi-bin/6ZzlWq5UdvMkkNk/ ecoarch.com.tw/cgi-bin/7UDFBjYypFJloFOLvP/ ecoarch.com.tw/cgi-bin/7YU1j9lqBX3bii/ ecoarch.com.tw/cgi-bin/8SRY/ ecoarch.com.tw/cgi-bin/coQ8DPIUBYkwH/ ecoarch.com.tw/cgi-bin/E/ ecoarch.com.tw/cgi-bin/lmQJVAf1VhasevFipwEFRObbxGXRZ/ ecoarch.com.tw/cgi-bin/opbDKH6cq5euv2Cztzb/ ecoarch.com.tw/cgi-bin/vhmTEdL4h2/ ecoarch.com.tw/cgi-bin/vWW/ ecoarch.com.tw/cgi-bin/yaWLCfVBI/ economizesa.com.br/cgi-bin/fA1Y/ economizesa.com.br/cgi-bin/gZSppeiuOneFdNZfubX2iQ/ ecube.com.mx/e2oCWBnC/ ecube.com.mx/e2oCWBnC/6wp2K4sfQmVIRy6ZvdiH/ edoraseguros.com.br/cgi-bin/l7ZERv5deNsfzlZUZ/ edoraseguros.com.br/cgi-bin/mh3MMGKfhXtJ/ edoraseguros.com.br/cgi-bin/ySH8/ eipweb.com/cgi-bin/suTTfnjUrAC69ByAU9h1kv9T/ elamurray.com/athletics-carnival-2018/3UTZYr9D9f/ ens-setif.dz/annuaire/Yu8wjHLmAzqyUS3XTSe/ eznetb.synology.me/@eaDir/wg2BqaWFRZb1G/ famesa.com.ar/dos/gaa/ fantasyclub.com.br/imgs/rggmVTfvT/ fashionbyprincessmelodicaah.com/4185PINT/jwh2cwjFHLZL/ fashionbyprincessmelodicaah.com/4185PINT/te/ federation-sardaniste.fr/calendrier/Y7gy8vFc93EGgNB7d5liwLCiUX/ fmesperanza945.com/js/Tq9tCfKAZcxvKCxl/ fontecmobile.com/pk/tRqU7/ fpd.cl/cgi-bin/83E0xgTMc/ fpd.cl/cgi-bin/8Cwqi8/ fpd.cl/cgi-bin/N/ galaxy-catering.com.vn/galxy/cX9eVP/ galaxy-catering.com.vn/galxy/Fg1vvhlYJ/ garantihaliyikama.com/wp-admin/FjgB6I/ gccon.in/UploadedFiles/CQTqp8ybddYdbPZIcV3/ gccon.in/UploadedFiles/UYtJNrT2llxy1/ gelish.com/email-hog/YXaPiWbFMKT/ genccagdas.com.tr/assets/doWHIxLe7e/ genccagdas.com.tr/assets/MRzxnRKVcE43yeQx/ genccagdas.com.tr/assets/TTHOm833iNn3BxT/ geowf.ge/templates/pJRea3Iu3wG/ geowf.ge/templates/TlbsO1F7p/ gla.ge/old/enG/ gla.ge/old/PuVaff/ globartmag.com/doubleclick/0mhNze/ gnnmuebles.com/repellatdoloremque/XGc7rXmnrdSO/ gnr.gtu.ge/admin/yKgYN2K0mYY/ greycoconut.com/edm/0ywf2bF/ greycoconut.com/edm/Jc3LJXQ6wEemK7g876/ grupobatistella.com.br/wp-content/bV2JMWZz/ guedala.com.br/cgi-bin/c349IB7OmLvMgcZEoCe/ gzndfit.com/520/04iIX2OE7gFJBkLdt/ gzndfit.com/520/2jNG94sK8ghPDEZR3M64ZdjvaJAl/ gzndfit.com/520/iopAQaRrZYgA883NZ/ h63402x4.beget.tech/bin/2M/ h63402x4.beget.tech/bin/wl0ENiE3BhELXV6V/ haircutbar.com/documents/EpRj8CMVJJ/ haircutbar.com/documents/GwdtlCyoXB9/ haircutbar.com/documents/xuPEi/ hangaryapi.com.tr/cgi-bin/PVrH9X9PyARmyn3s/ hangaryapi.com.tr/wp-admin/5n42ncL3nWMbJHwy7/ hangaryapi.com.tr/wp-admin/MukeqeAOTXGX6UZ/ haribuilders.com/zoombox-master/75wLA48wnAGsckgKb/ haribuilders.com/zoombox-master/aCt/ haribuilders.com/zoombox-master/c6aWh7ah6vqz/ haribuilders.com/zoombox-master/INGYvA0m/ haribuilders.com/zoombox-master/SEQtwcSCGpSyg/ haribuilders.com/zoombox-master/u6QVKZamtaV5L66Nx/ harleyqueretaro.com/renew2019/Back2016-12-22/cv/data/RjuiFMp4Fsp/ hcsnet.com.br/wp-content/emmK/ hcsnet.com.br/wp-content/zvPeH/ heaventechnologies.com.pk/apitest/e4Pkx/ heaventechnologies.com.pk/apitest/xdeAU0rx26LT9I/ hellojohnwebb.com/TMkGx6CJ5WWoFnH8t6eAQ8E91/ helmprecision.com/Helm/main/css/pQGi4xm0aNV/ hkwindsacademy.synology.me/@eaDir/qH2EHuvYVoJEJ2/ hmtpolska.home.pl/Trash/37/ ho280319001.hogibo.net/include/tgQwxic4QwuM/ homeeflyer.com/7photo2/PiLGiTrLqCWuoRr6/ hospitaldesitges.cat/OLD_BORRAR/ceCC6SPMue/ hotelmourya.com/aspnet_client/bYgwNXnkq/ howesitgoing.com/images/HyaDnlbl6K7tbh2Lugys/ howie23.org/wH3bd37xcJBEKu/Cba9lBuj4pQidgw/ hqsistemas.com.ar/cgi-bin/FMPTFCp/ i-dots.com/image/8C7AwiFZmI1p/ iciee.untirta.ac.id/test/GccRw/ ijsclub-de-volharding.nl/Contact/02tLuEpm/ ijsclub-de-volharding.nl/Contact/64v9/ ikatemia.untirta.ac.id/assets/VT/ imenikala.com/wp-admin/vyjYPEc/ industriasguidi.com.ar/wp-includes/x918PGFU/ ingonherbal.com/application/PhEbceg4Tx/ irishcarsagadir.net/n3rz4Y9rscfwluelvDV/LqxCq/ jackholland.eu/flashshoot/A1sVGeUdOmXpPeof/ japlatec.com/page/sAnfptTN0J4pw4S6B1Y/ jdserralheria.com.br/cgi-bin/KFG6/ jml.iptime.org/@eaDir/DFjRxYGc/ jsonsintl.com/RxsGgoVWz9/ jsonsintl.com/RxsGgoVWz9/4HFi3ZZYtnYgtELgCHnZ/ keltonconstruction.com/_vti_bin/DFNorq/ keltonconstruction.com/_vti_bin/H6Qm88nzyQe/ kingkongpizza.ru/fonts/sFUY3/ kingmode.ir/wp-admin/VKuUS10kNpfiLRwQEXN/ kolejleri.com/wp-admin/REvup/ kronostr.com/tr/bbRjEuBFYBX4Oiod/ kronostr.com/tr/Oa97cQB4l4Clf9/ kuluckaci.com/yarisma/cgi-bin/aIuI4Ukdtl730sP1F/ kuluckaci.com/yarisma/cgi-bin/obEPv40iNRumhPGv6wo/ kustens.com/A-Kus/stoyH/ kwinglobal.dothome.co.kr/inc/TbUvEBJ/ la-csi.com/mt-admin/gCObckGgJyOJWJLZ/ lavameapp.cl/wp-snapshots/himv0rbBofmABf3ewN/ learnviaonline.com/wp-admin/qGb/ littleplanetclass.com/assets/61BKcuxC5HWBPbpPHKDI9/ littleplanetclass.com/assets/8/ littleplanetclass.com/assets/Cvfhkget00Lrk41a/ littleplanetclass.com/assets/G89kXzBAJO77QSgFgUxa/ littleplanetclass.com/assets/hd0y7/ littleplanetclass.com/assets/izJQ708a1/ littleplanetclass.com/assets/Je0XC4R/ littleplanetclass.com/assets/JMHFvkdcAjY/ littleplanetclass.com/assets/pf5HqLMkI/ littleplanetclass.com/assets/q73HpTY/ littleplanetclass.com/assets/RKpaLk40sk3tfh2ylKH/ littleplanetclass.com/assets/RVfrablPa9HS6UAJ/ littleplanetclass.com/assets/zITd/ lopespublicidade.com/cgi-bin/e5R5oG4iEaQnxQrZDh/ lovemihome.co.za/fquccH5zPj/m8LaKB0hBb/ luzytextura.com/marfinance/gdwyLku/ mandom.co.id/assets/ejevw82KJ6VYDzZY3O/ mandom.co.id/assets/TpIIt7SmNBsWCECLoHrS/ masidiomas.com/D4WStats/GAhmgvhLgUn6/ masidiomas.com/D4WStats/Ge3FN11FjPBzlOiO/ mcapublicschool.com/Achievements/FbgG5Xk/ mcapublicschool.com/Achievements/r4psv/ melisetotoaksesuar.com/catalog/controller/account/dqfKI/ melisetotoaksesuar.com/catalog/pFyl/ metalgas.com.ar/wp-includes/2Ecobg/ metalgas.com.ar/wp-includes/pIxAd/ mewolters.nl/tmp/3Qty7GTQht/ mfscomunicacao.com.br/old/EEoE433/ microlent.com/admin/3/ microlent.com/admin/GgoC/ microlent.com/admin/kM442bdMLLMQ1qJe5/ milanstaffing.com/images/vukvR2flVIu62E/ mistchem.com/wp-admin/qcgRq15U9PNBc4z/ mjhl.com.mx/fonts/sG/ mohammadyarico.com/English/dfKNLblF/ mohammadyarico.com/English/oYJF64dcGKWp7dGrP/ moorworld.com/aspnet_client/fTDJOdTa1USKl43wFtnb/ moorworld.com/aspnet_client/JUJWT/ muhsinsirim.com/cgi-bin/Vt2umvq3ufyBZZWR2HZ/ mulmatdol.com/adm/Semrx6pQ/ myphamcuatui.com/assets/OPVeVSpO/ myphamcuatui.com/assets/z1b9YfHoX7Fp/ myqservice.com.ar/wp-includes/KPfIhRvHsnocXQ2z/ myqservice.com.ar/wp-includes/UamQky9H9rSyN7CWdue/ nakharinitwebhosting.com/HSDYKN1X5GLF/ napolilovemark.com/Re9e27V3Kd/PQFv/ natdemo.natrixsoftware.com/wp-admin/B1bA/ natdemo.natrixsoftware.com/wp-admin/QyqiN/ nenlineasv.com/encasa/cgi-bin/wqDZzO2OsIk7qGb/ nenlineasv.com/encasa/qnKqfcj4q/ neoexc.com/cgi-bin/gOTeFmMuXhfsGqDl/ neoexc.com/cgi-bin/srN0xYgm/ nerz.net/stats/KVIyooM/ nextcampolargo.com.br/cgi-bin/eeU5HhscZ10Y5O2Ss/ nigerianang.com/plugins/S3UsCMQhf1DBHTkiSEm/ nycom.narasoft.com/movie_link/4l6T5s7EcTyT/ nycom.narasoft.com/movie_link/osw54cGkTZr0/ ocalogullari.com/inc/qFVa7tzob2eQTk5dWD/ ocalogullari.com/inc/Wcm82enrs8/ ogenhukuk.com/css/RYnIOe9nU3/ olafs-radladen.de/captcha/iTNRUusWY3qNlhBpG/ old.liceum9.ru/images/DiazQsBnLhW3zpKRe/ old.liceum9.ru/images/P3kTyZjKSLHIcLhpJ4/ old.liceum9.ru/images/R/ old.liceum9.ru/images/Yh/ oncrete-egy.com/wp-content/V6Igzw8/ onepieceark.dothome.co.kr/jwr/Q/ ong-hananel.org/PAQUES/bPiA2l6foj7kjN/ opencart-destek.com/catalog/OqHwQ8xlWa5Goyo/ opornik55.ru/wp-content/uploads/4luXOJEZV3C/ opornik55.ru/wp-content/uploads/4yQ9cLAlPGlnFUx/ opornik55.ru/wp-content/uploads/cx6D0oSQ0r8d56hXHH/ opornik55.ru/wp-content/uploads/gjwrggwL52Qg/ opornik55.ru/wp-content/uploads/HrP384B/ opornik55.ru/wp-content/uploads/JQ/ opornik55.ru/wp-content/uploads/KDrP1bI6KGk/ opornik55.ru/wp-content/uploads/MiC9l/ opornik55.ru/wp-content/uploads/tXDU6mf5VNSV/ opornik55.ru/wp-content/uploads/u4XDlUHY5zviKg/ opornik55.ru/wp-content/uploads/UZxExbsDc6m0/ opornik55.ru/wp-content/uploads/XqUFTt2mhVj/ opornik55.ru/wp-content/uploads/ZPi20LzUOcDQI/ opornik55.ru/wp-content/uploads/ZTQCHQ9OYwq/ opornik55.ru/wp-content/uploads/ZxzxI/ p4936.webmo.fr/wp-admin/FKTynV/ pacemaker.cd/images/Xc/ picsmaker.com/cgi-bin/jWdUsHIsoD/ picsmaker.com/cgi-bin/OEEtgXEetqIvVsq/ piffl.com/piffl.com/a/ puntamimarlik.com.tr/wp-admin/9IW7L1gKwWOoNQREJ6/ redmag-dz.com/joomla/K66s1IU9h/ reiwo-service.de/cgi-bin/O/ reneetten.nl/Menu/RBjbO/ reneetten.nl/Menu/XNMhx6nSnnpp8aZzk/ saffrontheindiankitchen.com/studyinusa/c9GcsoElVub05Q4iTjI7j53UQCpdSA/ sd-1093121-h00002.ferozo.net/wp-content/YQ7IkSjIEP9r/ sd-1684625-h00001.ferozo.net/PaginaMasVieja1321654/VXbZo/ sieuthiphutungxenang.com/old_source/9boJQZpTSdQE/ st-florenceacademy.com/images/zd2/ stainedglassexpress.com/classes/05SkiiW9y4DDGvb6/ stainedglassexpress.com/classes/veV/ thepublicelection.com/wp-includes/0AEt8wRWroIJmVgEjZC/ tiemvangngoctham.com/wp-content/jkNQKmmMlZi/ vipteck.com/wp-admin/user/B8d6jr4pBND2HExAmI/ visionnextgroup.net/saharaUK/2UXmSjlPLoroRMOjJ2AfDM/ vrstar-park.com/wp-includes/2UYhNgIaNeIBM/ wanderlustphtravel.com/cgi-bin/QphfoQq4t/ waves-india.com/LC/YolqTCGPcBX0h/ weareone-bh.org/ik8EFuXqc/ webguruindia.com/theme/A7IdsEk1uJo/ webmk.de/assets/X5r/ weboculta.com/APPs/jb7urLT2s/ yamada-shoshi.main.jp/yamada-shoshi/V61hH/ /4185PINT/jwh2cwjFHLZL/ /4185PINT/te/ /520/04iIX2OE7gFJBkLdt/ /520/2jNG94sK8ghPDEZR3M64ZdjvaJAl/ /520/iopAQaRrZYgA883NZ/ /64prPlDhbugztyb2Zl/xjvFXPUX7XeoPWTqSQ2/ /7photo2/PiLGiTrLqCWuoRr6/ /@eaDir/DFjRxYGc/ /@eaDir/qH2EHuvYVoJEJ2/ /@eaDir/wg2BqaWFRZb1G/ /_sub/Q4UgYNLmsaosQ2/ /_vti_bin/DFNorq/ /_vti_bin/H6Qm88nzyQe/ /A-Kus/stoyH/ /about/phOuINN3n376Cv1Fsa37/ /about/VPe69A9Tk/ /about/yJ6C01yO1uRd/ /Achievements/FbgG5Xk/ /Achievements/r4psv/ /adm/Semrx6pQ/ /admin/GgoC/ /admin/kM442bdMLLMQ1qJe5/ /admin/yKgYN2K0mYY/ /annuaire/Yu8wjHLmAzqyUS3XTSe/ /apitest/e4Pkx/ /apitest/xdeAU0rx26LT9I/ /application/PhEbceg4Tx/ /APPs/jb7urLT2s/ /aspnet_client/25T/ /aspnet_client/56LwAJvy/ /aspnet_client/bYgwNXnkq/ /aspnet_client/ErI5F74cwiiOywe/ /aspnet_client/fTDJOdTa1USKl43wFtnb/ /aspnet_client/JUJWT/ /aspnet_client/kWXKDqsBEiPvG/ /aspnet_client/NGTx1FUzq/ /aspnet_client/rnMp0ofR/ /aspnet_client/TpbeXlnwwTB/ /aspnet_client/UZlstV/ /aspnet_client/WP0CVU9BtPZ6IRoO9ZlRMw/ /assets/1BAEFmOYqIf7HLg/ /assets/61BKcuxC5HWBPbpPHKDI9/ /assets/Cvfhkget00Lrk41a/ /assets/doWHIxLe7e/ /assets/ejevw82KJ6VYDzZY3O/ /assets/G89kXzBAJO77QSgFgUxa/ /assets/hd0y7/ /assets/izJQ708a1/ /assets/Je0XC4R/ /assets/JMHFvkdcAjY/ /assets/MRzxnRKVcE43yeQx/ /assets/OPVeVSpO/ /assets/pf5HqLMkI/ /assets/q73HpTY/ /assets/RKpaLk40sk3tfh2ylKH/ /assets/RVfrablPa9HS6UAJ/ /assets/TpIIt7SmNBsWCECLoHrS/ /assets/TTHOm833iNn3BxT/ /assets/z1b9YfHoX7Fp/ /athletics-carnival-2018/3UTZYr9D9f/ /biin/P0ra/ /bin/wl0ENiE3BhELXV6V/ /blogs/IEEsyn/ /blogs/ImchViGgNmO/ /blogs/uaWi/ /blogs/UCm4mbyEhvMgiqOjPw/ /brochure/abrtvpK/ /brochure/hnZjHGo1EYITQZ/ /brochure/kBuNjsECS9y2gRB6xaC/ /calendrier/Y7gy8vFc93EGgNB7d5liwLCiUX/ /captcha/iTNRUusWY3qNlhBpG/ /catalog/OqHwQ8xlWa5Goyo/ /catalog/pFyl/ /catalogo1/OAIrGjd1Or4QEWEuaxHbkIOPcqdK/ /cgi-bin/6ZzlWq5UdvMkkNk/ /cgi-bin/7UDFBjYypFJloFOLvP/ /cgi-bin/7YU1j9lqBX3bii/ /cgi-bin/83E0xgTMc/ /cgi-bin/8Cwqi8/ /cgi-bin/8SRY/ /cgi-bin/AR4nYNd9xpn/ /cgi-bin/c349IB7OmLvMgcZEoCe/ /cgi-bin/coQ8DPIUBYkwH/ /cgi-bin/dgAqqwwIeejxNozI/ /cgi-bin/e5R5oG4iEaQnxQrZDh/ /cgi-bin/eeU5HhscZ10Y5O2Ss/ /cgi-bin/fA1Y/ /cgi-bin/FMPTFCp/ /cgi-bin/gOTeFmMuXhfsGqDl/ /cgi-bin/gZSppeiuOneFdNZfubX2iQ/ /cgi-bin/jWdUsHIsoD/ /cgi-bin/KFG6/ /cgi-bin/l7ZERv5deNsfzlZUZ/ /cgi-bin/lmQJVAf1VhasevFipwEFRObbxGXRZ/ /cgi-bin/mh3MMGKfhXtJ/ /cgi-bin/OEEtgXEetqIvVsq/ /cgi-bin/opbDKH6cq5euv2Cztzb/ /cgi-bin/PVrH9X9PyARmyn3s/ /cgi-bin/qoOYPhlkRGnBClmNu5I/ /cgi-bin/QphfoQq4t/ /cgi-bin/srN0xYgm/ /cgi-bin/suTTfnjUrAC69ByAU9h1kv9T/ /cgi-bin/vhmTEdL4h2/ /cgi-bin/Vt2umvq3ufyBZZWR2HZ/ /cgi-bin/vWW/ /cgi-bin/y2obW1nmOgHOr4A7kw95JKRYZxAy4/ /cgi-bin/yaWLCfVBI/ /cgi-bin/ySH8/ /cgi-bin/z1CD/ /ckfinder/62TTrs2MEXQ2mmRB22/ /classes/05SkiiW9y4DDGvb6/ /Contact/02tLuEpm/ /Contact/64v9/ /correspondentecaixa/TrS/ /css/RYnIOe9nU3/ /D4WStats/GAhmgvhLgUn6/ /D4WStats/Ge3FN11FjPBzlOiO/ /data1/Fgv77t71DAPm09UU/ /data1/Tzm3xsCsT4DScdUFOx/ /dl5.zahra-media.ir/1XOgZSSlKVJ6/ /dl5.zahra-media.ir/9vvHAXe5/ /dl5.zahra-media.ir/aFtWkmsrOuZ6uWk1/ /dl5.zahra-media.ir/eDSfvIcQEGIKGsiK/ /dl5.zahra-media.ir/Iye11aStLm1/ /dl5.zahra-media.ir/k4eMbtkYkWcIMeA/ /dl5.zahra-media.ir/l34jaFq0PIh3/ /dl5.zahra-media.ir/llDJKV/ /dl5.zahra-media.ir/NDPruKKpO/ /dl5.zahra-media.ir/qm4lrFF/ /dl5.zahra-media.ir/roYgjVHpS/ /dl5.zahra-media.ir/S6UqYij8pBV1vK/ /dl5.zahra-media.ir/vJd6L/ /dl5.zahra-media.ir/YVnV/ /dl5.zahra-media.ir/ZC59RU5VC01n/ /documents/EpRj8CMVJJ/ /documents/GwdtlCyoXB9/ /documents/xuPEi/ /doubleclick/0mhNze/ /e2oCWBnC/6wp2K4sfQmVIRy6ZvdiH/ /edm/0ywf2bF/ /edm/Jc3LJXQ6wEemK7g876/ /email-hog/YXaPiWbFMKT/ /encasa/qnKqfcj4q/ /English/dfKNLblF/ /English/oYJF64dcGKWp7dGrP/ /error/HG1y7EgWrBA8fDYUIceqaL2pUqcj/ /EZTracker_Errors/9Pbi1J2/ /flashshoot/A1sVGeUdOmXpPeof/ /fonts/sFUY3/ /forum/akfa6L4b/ /fquccH5zPj/m8LaKB0hBb/ /galxy/cX9eVP/ /galxy/Fg1vvhlYJ/ /hatax/c7crGdejW4380ORuxqR/ /hatax/fovLaro/ /hatax/JfjLv/ /image/8C7AwiFZmI1p/ /images/DiazQsBnLhW3zpKRe/ /images/HyaDnlbl6K7tbh2Lugys/ /images/P3kTyZjKSLHIcLhpJ4/ /images/vukvR2flVIu62E/ /imgs/rggmVTfvT/ /inc/qFVa7tzob2eQTk5dWD/ /inc/TbUvEBJ/ /inc/Wcm82enrs8/ /include/tgQwxic4QwuM/ /joomla/K66s1IU9h/ /js/Tq9tCfKAZcxvKCxl/ /KYM/UYruujsiC2YXaBBSSl7/ /LC/YolqTCGPcBX0h/ /libraries/6vhzwoZoNDSMtSC/ /libraries/QhtrjCZymLp5EbqOdpKk/ /libraries/vNjJU0JOEiZVljVrZavkePpju/ /marfinance/gdwyLku/ /Menu/RBjbO/ /Menu/XNMhx6nSnnpp8aZzk/ /movie_link/4l6T5s7EcTyT/ /movie_link/osw54cGkTZr0/ /mt-admin/gCObckGgJyOJWJLZ/ /n3rz4Y9rscfwluelvDV/LqxCq/ /old/EEoE433/ /old/PuVaff/ /OLD_BORRAR/ceCC6SPMue/ /old_source/9boJQZpTSdQE/ /page/sAnfptTN0J4pw4S6B1Y/ /PaginaMasVieja1321654/VXbZo/ /PAQUES/bPiA2l6foj7kjN/ /pk/tRqU7/ /pKUVQsfSHB/bBq4ILmzfKIoAmwnLP/ /pKUVQsfSHB/cfF/ /plugins/jG3iqpQaTL1TXYMolH/ /plugins/S3UsCMQhf1DBHTkiSEm/ /Re9e27V3Kd/PQFv/ /renew2019/Back2016-12-22/ /repellatdoloremque/XGc7rXmnrdSO/ /Revista/HgrQSZcBtk/ /Revista/JljahSR26i5k/ /Revista/kkLJV6YZI6I/ /Revista/z9VYb5pwXheINT/ /Revista/zG4DRI/ /RxsGgoVWz9/4HFi3ZZYtnYgtELgCHnZ/ /saharaUK/2UXmSjlPLoroRMOjJ2AfDM/ /sites/3BvaCmo/ /stats/KVIyooM/ /studyinusa/c9GcsoElVub05Q4iTjI7j53UQCpdSA/ /tapas2/AWlo/ /tapas2/isD/ /temp/BBh5HHpei/ /temp/IVHD00GG/ /templates/2saGKy0qR5LA8uM/ /templates/7F108jCmRMHLOk/ /templates/BrRf8QDloUqNyTAdXE/ /templates/bzYj/ /templates/IwJiHDBEAdwATHwfgY7/ /templates/mbRFivc7CQ9ZyRXiDI7iNy/ /templates/pJRea3Iu3wG/ /templates/PmXH0h62RnWUjxY2bWN/ /templates/RnotTx3uT1qVusIFTl2/ /templates/TlbsO1F7p/ /test/GccRw/ /theme/A7IdsEk1uJo/ /TMkGx6CJ5WWoFnH8t6eAQ8E91// /tmp/3Qty7GTQht/ /tr/bbRjEuBFYBX4Oiod/ /tr/Oa97cQB4l4Clf9/ /UploadedFiles/CQTqp8ybddYdbPZIcV3/ /UploadedFiles/UYtJNrT2llxy1/ /uploads/g5QMC5XVlj/ /web_images/rHDPqCa8BGFXnnwHjJl/ /wH3bd37xcJBEKu/Cba9lBuj4pQidgw/ /wordpress_4/kSNthhP5C9KswzAC9cBMmku/ /wordpress_4/zxPS1i6oWXBbeK/ /wp-admin/2V8H/ /wp-admin/2ysGFKDbYP5sJB0Xg/ /wp-admin/5n42ncL3nWMbJHwy7/ /wp-admin/9IW7L1gKwWOoNQREJ6/ /wp-admin/B1bA/ /wp-admin/bLMH9Q3bG/ /wp-admin/FjgB6I/ /wp-admin/FKTynV/ /wp-admin/MukeqeAOTXGX6UZ/ /wp-admin/qcgRq15U9PNBc4z/ /wp-admin/qGb/ /wp-admin/QyqiN/ /wp-admin/REvup/ /wp-admin/user/ /wp-admin/VKuUS10kNpfiLRwQEXN/ /wp-admin/vyjYPEc/ /wp-admin/wzZ3RIsItxZsu77MFxs/ /wp-admin/XyGLg1/ /wp-admin/Y22GqmMm/ /wp-content/09i4dfKbpiuj8k/ /wp-content/4TPDUppb/ /wp-content/7dODakeZZ83fJi/ /wp-content/bV2JMWZz/ /wp-content/cx7EFvxoK3mdBHX4MRXQKcBDiU/ /wp-content/emmK/ /wp-content/jkNQKmmMlZi/ /wp-content/tfNs1crHYZd6F5/ /wp-content/V6Igzw8/ /wp-content/xOvCgoYFAIVjwy6I/ /wp-content/YQ7IkSjIEP9r/ /wp-content/yqNxi8IKbRIt7akB/ /wp-content/zvPeH/ /wp-includes/0AEt8wRWroIJmVgEjZC/ /wp-includes/2Ecobg/ /wp-includes/2l92XulnC6aZzv0jNGN/ /wp-includes/2UYhNgIaNeIBM/ /wp-includes/hiCmBIU45rnQjc/ /wp-includes/hp64zMwYlTJoO3l/ /wp-includes/JSDlHbnRdWAMrLKFQ/ /wp-includes/KPfIhRvHsnocXQ2z/ /wp-includes/NPNGSFzuH/ /wp-includes/Oopph6H4Jg/ /wp-includes/pIxAd/ /wp-includes/Rv35Z/ /wp-includes/UamQky9H9rSyN7CWdue/ /wp-includes/x918PGFU/ /wp-snapshots/himv0rbBofmABf3ewN/ /yamada-shoshi/V61hH/ /zoombox-master/75wLA48wnAGsckgKb/ /zoombox-master/aCt/ /zoombox-master/c6aWh7ah6vqz/ /zoombox-master/INGYvA0m/ /zoombox-master/SEQtwcSCGpSyg/ /zoombox-master/u6QVKZamtaV5L66Nx/ /02tLuEpm/ /04iIX2OE7gFJBkLdt/ /05SkiiW9y4DDGvb6/ /09i4dfKbpiuj8k/ /0AEt8wRWroIJmVgEjZC/ /0mhNze/ /0ywf2bF/ /1BAEFmOYqIf7HLg/ /1XOgZSSlKVJ6/ /2Ecobg/ /2jNG94sK8ghPDEZR3M64ZdjvaJAl/ /2l92XulnC6aZzv0jNGN/ /2saGKy0qR5LA8uM/ /2UXmSjlPLoroRMOjJ2AfDM/ /2UYhNgIaNeIBM/ /2ysGFKDbYP5sJB0Xg/ /3BvaCmo/ /3Qty7GTQht/ /3UTZYr9D9f/ /4185PINT/ /4HFi3ZZYtnYgtELgCHnZ/ /4l6T5s7EcTyT/ /4TPDUppb/ /56LwAJvy/ /5n42ncL3nWMbJHwy7/ /61BKcuxC5HWBPbpPHKDI9/ /62TTrs2MEXQ2mmRB22/ /64prPlDhbugztyb2Zl/ /6vhzwoZoNDSMtSC/ /6wp2K4sfQmVIRy6ZvdiH/ /6ZzlWq5UdvMkkNk/ /75wLA48wnAGsckgKb/ /7dODakeZZ83fJi/ /7F108jCmRMHLOk/ /7UDFBjYypFJloFOLvP/ /7YU1j9lqBX3bii/ /83E0xgTMc/ /8C7AwiFZmI1p/ /8Cwqi8/ /9boJQZpTSdQE/ /9IW7L1gKwWOoNQREJ6/ /9Pbi1J2/ /9vvHAXe5/ /A1sVGeUdOmXpPeof/ /A7IdsEk1uJo/ /abrtvpK/ /aFtWkmsrOuZ6uWk1/ /akfa6L4b/ /AR4nYNd9xpn/ /BBh5HHpei/ /bBq4ILmzfKIoAmwnLP/ /bbRjEuBFYBX4Oiod/ /bLMH9Q3bG/ /bPiA2l6foj7kjN/ /BrRf8QDloUqNyTAdXE/ /bV2JMWZz/ /bYgwNXnkq/ /c349IB7OmLvMgcZEoCe/ /c6aWh7ah6vqz/ /c7crGdejW4380ORuxqR/ /c9GcsoElVub05Q4iTjI7j53UQCpdSA/ /Cba9lBuj4pQidgw/ /ceCC6SPMue/ /coQ8DPIUBYkwH/ /CQTqp8ybddYdbPZIcV3/ /Cvfhkget00Lrk41a/ /cx7EFvxoK3mdBHX4MRXQKcBDiU/ /cX9eVP/ /DFjRxYGc/ /dfKNLblF/ /DFNorq/ /dgAqqwwIeejxNozI/ /DiazQsBnLhW3zpKRe/ /doWHIxLe7e/ /e2oCWBnC/ /e4Pkx/ /e5R5oG4iEaQnxQrZDh/ /eDSfvIcQEGIKGsiK/ /EEoE433/ /eeU5HhscZ10Y5O2Ss/ /ejevw82KJ6VYDzZY3O/ /EpRj8CMVJJ/ /ErI5F74cwiiOywe/ /FbgG5Xk/ /Fg1vvhlYJ/ /Fgv77t71DAPm09UU/ /FjgB6I/ /FKTynV/ /FMPTFCp/ /fovLaro/ /fquccH5zPj/ /fTDJOdTa1USKl43wFtnb/ /g5QMC5XVlj/ /G89kXzBAJO77QSgFgUxa/ /GAhmgvhLgUn6/ /GccRw/ /gCObckGgJyOJWJLZ/ /gdwyLku/ /Ge3FN11FjPBzlOiO/ /gOTeFmMuXhfsGqDl/ /GwdtlCyoXB9/ /gZSppeiuOneFdNZfubX2iQ/ /H6Qm88nzyQe/ /HG1y7EgWrBA8fDYUIceqaL2pUqcj/ /HgrQSZcBtk/ /hiCmBIU45rnQjc/ /himv0rbBofmABf3ewN/ /hnZjHGo1EYITQZ/ /hp64zMwYlTJoO3l/ /HSDYKN1X5GLF/ /HyaDnlbl6K7tbh2Lugys/ /IEEsyn/ /ik8EFuXqc/ /ImchViGgNmO/ /INGYvA0m/ /iopAQaRrZYgA883NZ/ /iTNRUusWY3qNlhBpG/ /IVHD00GG/ /IwJiHDBEAdwATHwfgY7/ /Iye11aStLm1/ /izJQ708a1/ /jb7urLT2s/ /Jc3LJXQ6wEemK7g876/ /Je0XC4R/ /JfjLv/ /jG3iqpQaTL1TXYMolH/ /jkNQKmmMlZi/ /JljahSR26i5k/ /JMHFvkdcAjY/ /JSDlHbnRdWAMrLKFQ/ /JUJWT/ /jWdUsHIsoD/ /jwh2cwjFHLZL/ /k4eMbtkYkWcIMeA/ /K66s1IU9h/ /kBuNjsECS9y2gRB6xaC/ /kkLJV6YZI6I/ /kM442bdMLLMQ1qJe5/ /KPfIhRvHsnocXQ2z/ /kSNthhP5C9KswzAC9cBMmku/ /KVIyooM/ /kWXKDqsBEiPvG/ /l34jaFq0PIh3/ /l7ZERv5deNsfzlZUZ/ /llDJKV/ /lmQJVAf1VhasevFipwEFRObbxGXRZ/ /LqxCq/ /m8LaKB0hBb/ /mbRFivc7CQ9ZyRXiDI7iNy/ /mh3MMGKfhXtJ/ /MRzxnRKVcE43yeQx/ /MukeqeAOTXGX6UZ/ /n3rz4Y9rscfwluelvDV/ /NDPruKKpO/ /NGTx1FUzq/ /NPNGSFzuH/ /Oa97cQB4l4Clf9/ /OAIrGjd1Or4QEWEuaxHbkIOPcqdK/ /OEEtgXEetqIvVsq/ /Oopph6H4Jg/ /opbDKH6cq5euv2Cztzb/ /OPVeVSpO/ /OqHwQ8xlWa5Goyo/ /osw54cGkTZr0/ /oYJF64dcGKWp7dGrP/ /P3kTyZjKSLHIcLhpJ4/ /PaginaMasVieja1321654/ /pf5HqLMkI/ /PhEbceg4Tx/ /phOuINN3n376Cv1Fsa37/ /PiLGiTrLqCWuoRr6/ /pIxAd/ /pJRea3Iu3wG/ /PmXH0h62RnWUjxY2bWN/ /PVrH9X9PyARmyn3s/ /Q4UgYNLmsaosQ2/ /q73HpTY/ /qcgRq15U9PNBc4z/ /qFVa7tzob2eQTk5dWD/ /qH2EHuvYVoJEJ2/ /QhtrjCZymLp5EbqOdpKk/ /qm4lrFF/ /qnKqfcj4q/ /qoOYPhlkRGnBClmNu5I/ /QphfoQq4t/ /rggmVTfvT/ /rHDPqCa8BGFXnnwHjJl/ /RKpaLk40sk3tfh2ylKH/ /rnMp0ofR/ /RnotTx3uT1qVusIFTl2/ /roYgjVHpS/ /Rv35Z/ /RVfrablPa9HS6UAJ/ /RxsGgoVWz9/ /RYnIOe9nU3/ /S3UsCMQhf1DBHTkiSEm/ /S6UqYij8pBV1vK/ /sAnfptTN0J4pw4S6B1Y/ /Semrx6pQ/ /SEQtwcSCGpSyg/ /sFUY3/ /srN0xYgm/ /stoyH/ /suTTfnjUrAC69ByAU9h1kv9T/ /TbUvEBJ/ /tfNs1crHYZd6F5/ /tgQwxic4QwuM/ /TlbsO1F7p/ /TMkGx6CJ5WWoFnH8t6eAQ8E91/ /TpbeXlnwwTB/ /TpIIt7SmNBsWCECLoHrS/ /Tq9tCfKAZcxvKCxl/ /tRqU7/ /TTHOm833iNn3BxT/ /Tzm3xsCsT4DScdUFOx/ /u6QVKZamtaV5L66Nx/ /UamQky9H9rSyN7CWdue/ /UCm4mbyEhvMgiqOjPw/ /UYruujsiC2YXaBBSSl7/ /UYtJNrT2llxy1/ /UZlstV/ /V61hH/ /V6Igzw8/ /vhmTEdL4h2/ /vJd6L/ /VKuUS10kNpfiLRwQEXN/ /vNjJU0JOEiZVljVrZavkePpju/ /VPe69A9Tk/ /Vt2umvq3ufyBZZWR2HZ/ /vukvR2flVIu62E/ /VXbZo/ /vyjYPEc/ /Wcm82enrs8/ /wg2BqaWFRZb1G/ /wH3bd37xcJBEKu/ /wl0ENiE3BhELXV6V/ /WP0CVU9BtPZ6IRoO9ZlRMw/ /wzZ3RIsItxZsu77MFxs/ /x918PGFU/ /xdeAU0rx26LT9I/ /XGc7rXmnrdSO/ /xjvFXPUX7XeoPWTqSQ2/ /XNMhx6nSnnpp8aZzk/ /xOvCgoYFAIVjwy6I/ /xuPEi/ /XyGLg1/ /Y22GqmMm/ /y2obW1nmOgHOr4A7kw95JKRYZxAy4/ /Y7gy8vFc93EGgNB7d5liwLCiUX/ /yaWLCfVBI/ /yJ6C01yO1uRd/ /yKgYN2K0mYY/ /YolqTCGPcBX0h/ /YQ7IkSjIEP9r/ /yqNxi8IKbRIt7akB/ /Yu8wjHLmAzqyUS3XTSe/ /YXaPiWbFMKT/ /z1b9YfHoX7Fp/ /z9VYb5pwXheINT/ /ZC59RU5VC01n/ /zG4DRI/ /zvPeH/ /zxPS1i6oWXBbeK/ # Reference: https://twitter.com/Cryptolaemus1/status/1529754810698039297 sacvasanth.com/public/lyP2lh1hlJr/ stockmorehouse.com/Casa_Grande/AS4VPkTsOqWDGGO/ watersgroupglobal.com/cgi-bin/nQmb6asGeqMlh/ webguruindia.com/theme/wTbEyLVvMNB3j/ /Casa_Grande/AS4VPkTsOqWDGGO/ /cgi-bin/nQmb6asGeqMlh/ /public/lyP2lh1hlJr/ /theme/wTbEyLVvMNB3j/ /AS4VPkTsOqWDGGO/ /lyP2lh1hlJr/ /nQmb6asGeqMlh/ /wTbEyLVvMNB3j/ # Reference: https://twitter.com/Cryptolaemus1/status/1529748938747965440 talbiz.com/__MACOSX/7XV9svnWeDq/ tecni-soft.com/ACCESORIOS/Xqp/ thearlephotography.com/wp/nrmY/ thegeers.com/media/18TKQU36V/ thestewardsco.com/gJRWFBGvKVVxjE/ titaniumspareparts.com/wp-includes/orgdTLhNAy7SdeK/ /__MACOSX/7XV9svnWeDq/ /ACCESORIOS/Xqp/ /media/18TKQU36V/ /wp-includes/orgdTLhNAy7SdeK/ /18TKQU36V/ /7XV9svnWeDq/ /gJRWFBGvKVVxjE/ /orgdTLhNAy7SdeK/ # Reference: https://twitter.com/Cryptolaemus1/status/1531558750049665024 thisiselizabethj.com/wp-content/JabfxEDRBN/ /wp-content/JabfxEDRBN/ /JabfxEDRBN/ # Reference: https://twitter.com/Cryptolaemus1/status/1531549995173744640 furnituremanila.com/mmatipscom/IactRf3Hsz/ martinmichalek.com/_sub/wT6cXi/ natayakim.com/_hlam/WCCkXX/ tecni-soft.com/ACCESORIOS/PLg/ thestewardsco.com/wRxYHvdcV/ /ACCESORIOS/PLg/ /_hlam/WCCkXX/ /_sub/wT6cXi/ /mmatipscom/IactRf3Hsz/ /IactRf3Hsz/ /WCCkXX/ /wRxYHvdcV/ /wT6cXi/ # Reference: https://twitter.com/Cryptolaemus1/status/1531916548394598400 hakanaa.com/alta-frequencia/bIA8J2/ sun2u.com/wp-includes/cbDwpRMYWzLGD/ tekstiluzmangorusu.com/wp-admin/dshaqzwGiuTtiod/ tgasiamanagement.com/wp-content/m7Dk7daqAXF/ togogeeks.net/travel/yQJJPAQ/ tp-conceptdiffusion.com/POUB/7InkX/ /alta-frequencia/bIA8J2/ /POUB/7InkX/ /travel/yQJJPAQ/ /wp-admin/dshaqzwGiuTtiod/ /wp-content/m7Dk7daqAXF/ /wp-includes/cbDwpRMYWzLGD/ /7InkX/ /bIA8J2/ /cbDwpRMYWzLGD/ /dshaqzwGiuTtiod/ /m7Dk7daqAXF/ /yQJJPAQ/ # Reference: https://twitter.com/Max_Mal_/status/1532378581493592066 103.224.241.74:8080 104.244.79.94:443 157.245.111.0:8080 # Reference: https://twitter.com/Cryptolaemus1/status/1532651637847621633 fyambe.news/cgi-bin/Wbe40tfynFs4rC/ hathaabeach.com/documents/pr6/ suddedx.com/jokerslot/mb2Eadbdssh/ tassira.com/WordPress/vwZQL4Z5BPcFL3z/ /cgi-bin/Wbe40tfynFs4rC/ /jokerslot/mb2Eadbdssh/ /WordPress/vwZQL4Z5BPcFL3z/ /mb2Eadbdssh/ /vwZQL4Z5BPcFL3z/ /Wbe40tfynFs4rC/ # Reference: https://twitter.com/Cryptolaemus1/status/1532659957887168513 aseguradosaldia.com/wp-content/fKD7pFlruL4/ biathlon-sachsen.de/J3/QqJDWruxBWhYr9Pz5hp/ boucherie-thollas.com/wp-content/Q/ hsperu.pe/intranet_old/enwUUh7bZ5oyVB/ supersanmutfak.com/Template/fMh7nu/ timoleary.co.uk/css/7Nvb3VNWJH/ venessori.com/pc97sQPqfcVam4EUtcU5/ wenne24.keurigonline52.nl/cgi-bin/FsHQ3ndkZb/ windsystem.hu/cgi-bin/bqAvE44wqXSBGRhyQy/ wisatakulinerku.com/cgi-bin/QxuMrzuN/ /cgi-bin/bqAvE44wqXSBGRhyQy/ /cgi-bin/FsHQ3ndkZb/ /cgi-bin/QxuMrzuN/ /css/7Nvb3VNWJH/ /intranet_old/enwUUh7bZ5oyVB/ /J3/QqJDWruxBWhYr9Pz5hp/ /pc97sQPqfcVam4EUtcU5/ /Template/fMh7nu/ /wp-content/fKD7pFlruL4/ /7Nvb3VNWJH/ /bqAvE44wqXSBGRhyQy/ /enwUUh7bZ5oyVB/ /fKD7pFlruL4/ /fMh7nu/ /FsHQ3ndkZb/ /pc97sQPqfcVam4EUtcU5/ /QqJDWruxBWhYr9Pz5hp/ /QxuMrzuN/ # Reference: https://twitter.com/Cryptolaemus1/status/1532795305749811200 banchann.com/product/4yKcLeflYPBSv11/ brennanasia.com/images/cP8CMBY5qx1u/ tineriibucuresteni.ro/wp-includes/YBygw/ toworks.ca/phpmyadmin/X/ vietroll.vn/wp-content/TQdkP/ wietsedevries.nl/webstats/SeCPyiQbgmZYBLowsoKe/ /images/cP8CMBY5qx1u/ /product/4yKcLeflYPBSv11/ /webstats/SeCPyiQbgmZYBLowsoKe/ /wp-content/TQdkP/ /wp-includes/YBygw/ /cP8CMBY5qx1u/ /SeCPyiQbgmZYBLowsoKe/ # Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-06-03%20Emotet%20(E4)%20xls%20IOCs 107.170.39.149:8080 115.68.227.76:8080 159.89.202.34:443 186.194.240.217:443 207.180.241.186:8080 37.187.115.122:8080 41.73.252.195:443 82.223.21.224:8080 # Reference: https://www.virustotal.com/gui/file/0a140867cfc22714293b011fc68d007a3f248b6fae7fafe6a32b866576378f32/detection bitmask.trade # Reference: https://twitter.com/silv0123/status/1534004290620104704 # Reference: https://www.virustotal.com/gui/file/c32d2be74a692229d98476b4b87d211c74a4725cf985368180b759ec848cfe27/detection nexxdecor.vn # Reference: https://twitter.com/Cryptolaemus1/status/1534423639105253377 # Reference: https://twitter.com/JAMESWT_MHT/status/1534106309422874624 # Reference: https://twitter.com/ScarletSharkSec/status/1533831235256082437 ait-service.com/images/cLtrZtaV7zkqt/ assaref.ma/old_assaref/A2B3P/ bpsjambi.id/about/SY0hWjjZ5snr/ brennanasia.com/images/6IwPBHbnUvfgugV1b/ bulldogironworksllc.com/temp/m1NNwGXaF/ burgarellaquantumhealing.org/NRl0YMBGNh8i/ chobemaster.com/components/GxCs/ cncadventist.org/wp-content/9qikjVD84B/ estacioesportivavilanovailageltru.cat/tmp/IgSyqwgJmE/ faisonfilms.com/wp-includes/jOA/ fyambe.news/cgi-bin/PJMjj3QG/ lightmyfire.in/demo/RIkAFgTFVuaI05r2/ marinamotorsindia.in/qLSYRJ4Y/ysIaBtnX3jhnmVyyZ5F/ nationco-op.org/css/8wv7lB5/ nekretnine-arka.hr/administrator/XS9uuam/ neuro-feedback-lyon.fr/wp-admin/xAEIC7jXL8q/ nexxdecor.vn/apk/zy8GkZ/ noordhoekmedical.co.za/new/xkW0Uq9ZKpo4h/ oncrete-egy.com/wp-content/G6l9zCsB/ opencart-destek.com/catalog/I7bBtKT3f2hpmhrV/ oralsinbrusque.com.br/BackUp/5qEnU8EU041pKeJ/ p-i-s-e.fr/language/yyfMPaq0mGom/ panscollections.in.th/assets/azHOBDoux/ papillonweb.fr/wp-content/G8z08q0mj/ printimiskeskus.ee/wp-includes/E2nivfaXuKKYdyo3h/ roviel.mx/wp-includes/uX2WDFhrE/ socigo.eu/wPZhZP2vUM/ stainedglassexpress.com/classes/LHwZDYjPVBMBsxgW7/ supersanmutfak.com/Template/KaYyIBPxMukjoSpAbj/ sweetzone.co/js/XVK/ thongcongnghethuthamcau.com/wp-includes/FOn2rFscjSxmSTIt5j/ topvipescortsclub.com/assets1/s36c7eLiYV/ trencadisacademia.com/wp-includes/dR7V80Fe/ void.by/wp-content/Z/ zacharywythe.com/pb_index_bak/SkEGB2c/ zktecovn.com/wp-admin/xxfnYY4zwOpFOgu3g1t/ zonainformatica.es/aspnet_client/pVcppgi00Dk/ zspwolawiazowa.pl/images/mE2Zm8RKpaLk40sk/ /about/SY0hWjjZ5snr/ /administrator/XS9uuam/ /apk/zy8GkZ/ /aspnet_client/pVcppgi00Dk/ /assets/azHOBDoux/ /assets1/s36c7eLiYV/ /BackUp/5qEnU8EU041pKeJ/ /catalog/I7bBtKT3f2hpmhrV/ /cgi-bin/PJMjj3QG/ /classes/LHwZDYjPVBMBsxgW7/ /components/GxCs/ /css/8wv7lB5/ /demo/RIkAFgTFVuaI05r2/ /images/6IwPBHbnUvfgugV1b/ /images/cLtrZtaV7zkqt/ /images/mE2Zm8RKpaLk40sk/ /language/yyfMPaq0mGom/ /new/xkW0Uq9ZKpo4h/ /old_assaref/A2B3P/ /pb_index_bak/SkEGB2c/ /qLSYRJ4Y/ysIaBtnX3jhnmVyyZ5F/ /temp/m1NNwGXaF/ /Template/KaYyIBPxMukjoSpAbj/ /tmp/IgSyqwgJmE/ /wp-admin/xAEIC7jXL8q/ /wp-admin/xxfnYY4zwOpFOgu3g1t/ /wp-content/9qikjVD84B/ /wp-content/G6l9zCsB/ /wp-content/G8z08q0mj/ /wp-includes/dR7V80Fe/ /wp-includes/E2nivfaXuKKYdyo3h/ /wp-includes/FOn2rFscjSxmSTIt5j/ /wp-includes/jOA/ /wp-includes/uX2WDFhrE/ /5qEnU8EU041pKeJ/ /6IwPBHbnUvfgugV1b/ /8wv7lB5/ /9qikjVD84B/ /azHOBDoux/ /cLtrZtaV7zkqt/ /dR7V80Fe/ /E2nivfaXuKKYdyo3h/ /FOn2rFscjSxmSTIt5j/ /G6l9zCsB/ /G8z08q0mj/ /I7bBtKT3f2hpmhrV/ /IgSyqwgJmE/ /KaYyIBPxMukjoSpAbj/ /LHwZDYjPVBMBsxgW7/ /m1NNwGXaF/ /mE2Zm8RKpaLk40sk/ /NRl0YMBGNh8i/ /PJMjj3QG/ /pVcppgi00Dk/ /qLSYRJ4Y/ /RIkAFgTFVuaI05r2/ /s36c7eLiYV/ /SkEGB2c/ /SY0hWjjZ5snr/ /uX2WDFhrE/ /wPZhZP2vUM/ /xAEIC7jXL8q/ /xkW0Uq9ZKpo4h/ /XS9uuam/ /xxfnYY4zwOpFOgu3g1t/ /ysIaBtnX3jhnmVyyZ5F/ /yyfMPaq0mGom/ /zy8GkZ/ # Reference: https://twitter.com/Cryptolaemus1/status/1534442725071650816 tekstiluzmangorusu.com/wp-admin/GKdQvamnPcK/ /wp-admin/GKdQvamnPcK/ /GKdQvamnPcK/ # Reference: https://twitter.com/Cryptolaemus1/status/1534441767785091072 yakosurf.com/wp-includes/S/ yedirenkajans.com/eski/EveoFqk8HluvS/ yell.ge/nav_logo/AEnTP/ yoymanajemen.id/wp-admin/x9Eju0/ yudaisuzuki.jp/150911pre/iI/ yusufkarpak.com.tr/css/7yCJ6KpGNdOwnW/ /css/7yCJ6KpGNdOwnW/ /eski/EveoFqk8HluvS/ /wp-admin/x9Eju0/ /7yCJ6KpGNdOwnW/ /EveoFqk8HluvS/ /x9Eju0/ # Reference: https://twitter.com/Cryptolaemus1/status/1534515568815923201 wahkiulogistics.com.hk/upload/AvtsILsT00O/ xenangifc.vn/wp-admin/CAzHLCrGgwXw6KTX0lMm/ yahir-fz.com/joy/ZnIjgkgZ18/ yedirenkajans.com/eski/y91J/ /joy/ZnIjgkgZ18/ /upload/AvtsILsT00O/ /wp-admin/CAzHLCrGgwXw6KTX0lMm/ /AvtsILsT00O/ /CAzHLCrGgwXw6KTX0lMm/ /ZnIjgkgZ18/ # Reference: https://github.com/pan-unit42/tweets/blob/master/2022-06-07-IOCs-for-Emotet-with-Cobalt-Strike.txt 114.79.130.68:8080 134.209.164.181:8080 173.249.25.219:443 190.107.19.180:8080 212.83.184.188:8080 58.96.74.42:443 bencevendeghaz.hu/wp-includes/S1mIEUnClr5s8krOm/ chobemaster.com/components/GxCs/ vibesapparels.com/dQa/Qzuqq5TZO/ /dQa/Qzuqq5TZO/ /wp-includes/S1mIEUnClr5s8krOm/ /S1mIEUnClr5s8krOm/ /Qzuqq5TZO/ # Reference: https://twitter.com/Cryptolaemus1/status/1534590926793986050 http://188.166.245.112 ftp.yuecmr.org/wp-content/EoHM9Z73mGN43lp60x/ worldmedicsky.info/matsumoto-/Tv2IOGr2p/ zvdesign.info/components/OFBzyGyPSJQamODF4S/ /components/OFBzyGyPSJQamODF4S/ /matsumoto-/Tv2IOGr2p/ /template/hK3aUGxlMDTKv1Em82R/ /wp-content/EoHM9Z73mGN43lp60x/ /EoHM9Z73mGN43lp60x/ /hK3aUGxlMDTKv1Em82R/ /OFBzyGyPSJQamODF4S/ /Tv2IOGr2p/ # Reference: https://twitter.com/Cryptolaemus1/status/1534788970739298304 iluminaguarapuava.com.br/wp-includes/WxiXRQhAVLruApIee95K/ sigratech.de/career/TaUWpjEtkdLZ3xk/ webnet.ltd.uk/wp-includes/16aute56ZVrAYR6NUL47/ xebabanhchohang.vn/wp-content/pt/ /wp-includes/16aute56ZVrAYR6NUL47/ /wp-includes/WxiXRQhAVLruApIee95K/ /career/TaUWpjEtkdLZ3xk/ /16aute56ZVrAYR6NUL47/ /TaUWpjEtkdLZ3xk/ /WxiXRQhAVLruApIee95K/ # Reference: https://twitter.com/Cryptolaemus1/status/1534693804124798976 http://136.243.217.250 mass-gardinen-shop.de/css/OlfyjQTQ/ nazreghadir.ir/wp-includes/lY90k2vwa/ vietroll.vn/wp-content/KsPEi/ wietsedevries.nl/stylesheets/RmcAxAfnnOTlTqyu7h/ zoelake.co.uk/pregnancy_files/O8pDzTtBe7/ /application/TpoPv/ /css/OlfyjQTQ/ /pregnancy_files/O8pDzTtBe7/ /stylesheets/RmcAxAfnnOTlTqyu7h/ /wp-content/KsPEi/ /wp-includes/lY90k2vwa/ /O8pDzTtBe7/ /OlfyjQTQ/ /RmcAxAfnnOTlTqyu7h/ /lY90k2vwa/ # Reference: https://twitter.com/Cryptolaemus1/status/1534874596448423936 aseguradosaldia.com/wp-content/kelQuot9kofUTL90uuE/ ftp.meconser.com/banner/rrMocScrq7/ hathaabeach.com/documents/k88rn/ wordpress.agrupem.com/wp-admin/jimjzu/ /banner/rrMocScrq7/ /documents/k88rn/ /wp-admin/jimjzu/ /wp-content/kelQuot9kofUTL90uuE/ /jimjzu/ /k88rn/ /kelQuot9kofUTL90uuE/ /rrMocScrq7/ # Reference: https://twitter.com/Cryptolaemus1/status/1534938223503634432 ftp.yourbankruptcypartner.com/wp-content/ksdtjfFji/ /wp-content/ksdtjfFji/ /ksdtjfFji/ # Reference: https://twitter.com/Cryptolaemus1/status/1534647791448096768 http://202.29.80.55 http://23.239.12.243 adviceme.gr/test/SSzbOkk633/ xpansul.com/Xpansul_Labs/Faol8LBh5I/ /dealspot/SvebxVmFucz/ /test/SSzbOkk633/ /Xpansul_Labs/Faol8LBh5I/ /Faol8LBh5I/ /SSzbOkk633/ /SvebxVmFucz/ # Reference: https://twitter.com/Cryptolaemus1/status/1534937952807112710 upscalifornia.us/libraries/VDu9kaMu/ webbandi.hu/image/m7IzjWQftQ1Jyw6/ zarzamora.com.mx/cgi-bin/hAuGj65SuKr/ /cgi-bin/hAuGj65SuKr/ /image/m7IzjWQftQ1Jyw6/ /libraries/VDu9kaMu/ /hAuGj65SuKr/ /m7IzjWQftQ1Jyw6/ /VDu9kaMu/ # Reference: https://twitter.com/Cryptolaemus1/status/1534602591627141121 retardantedefuegoperu.com/slider/E3aod/ wolle.pl/10000/pK92K8mzsUhIxNH7t/ xevis.net/xevis/tIkZkWH/ xprosac.com/wp-admin/Ulou9WHUjUkCJCzh0cV1/ /10000/pK92K8mzsUhIxNH7t/ /slider/E3aod/ /wp-admin/Ulou9WHUjUkCJCzh0cV1/ /xevis/tIkZkWH/ /pK92K8mzsUhIxNH7t/ /tIkZkWH/ /Ulou9WHUjUkCJCzh0cV1/ # Reference: https://twitter.com/Cryptolaemus1/status/1534617936518053888 buffetmazzi.com.br/ckfinder/urhhQc5W/ cesasin.com.ar/administrator/VNtzZVVTAJNH7/ wehx.com.br/wp-snapshots/ds37LVL/ zigorat.us/wp-admin/gUEMmDvnl/ /administrator/VNtzZVVTAJNH7/ /ckfinder/urhhQc5W/ /wp-admin/gUEMmDvnl/ /wp-snapshots/ds37LVL/ /ds37LVL/ /gUEMmDvnl/ /urhhQc5W/ /VNtzZVVTAJNH7/ # Reference: https://twitter.com/Cryptolaemus1/status/1535165003380142080 tvstv.yunethosting.rs/nesciuntquos/2SlrSdLBAv7/ usa-ltd.ie/wp-includes/0x7HPlZ8sGANiI5i/ vanlaereict.nl/domains/T9G5ruQJ/ wahkiulogistics.com.hk/upload/rIpUmi7MrlOc/ /domains/T9G5ruQJ/ /nesciuntquos/2SlrSdLBAv7/ /upload/rIpUmi7MrlOc/ /wp-includes/0x7HPlZ8sGANiI5i/ /0x7HPlZ8sGANiI5i/ /2SlrSdLBAv7/ /rIpUmi7MrlOc/ /T9G5ruQJ/ # Reference: https://twitter.com/dms1899/status/1535160015312498688 chobemaster.com/components/HKSRjeYB/ ingroupconsult.com/images/r1UA7ZRRR06/ primefind.com/my_pictures/doh/ weboculta.com/css/b3Lfooq37Gl4D/ /components/HKSRjeYB/ /css/b3Lfooq37Gl4D/ /images/r1UA7ZRRR06/ /b3Lfooq37Gl4D/ /HKSRjeYB/ /r1UA7ZRRR06/ # Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-06-09%20Emotet%20(E5)%20IOCs 103.126.216.86:443 103.254.12.236:7080 103.71.99.57:8080 128.199.217.206:443 157.230.99.206:8080 165.22.254.236:8080 165.22.254.68:443 165.232.185.110:8080 198.199.70.22:8080 64.227.55.231:8080 watersgroupglobal.com/cgi-bin/hwCu/ web4nothing.com/cgi-bin/LAXoaAufu/ wpbizwon.com/FexOL2Wx00ooCfpgOw/ /cgi-bin/LAXoaAufu/ /FexOL2Wx00ooCfpgOw/ /LAXoaAufu/ # Reference: https://twitter.com/Cryptolaemus1/status/1535253743146373121 kmodo.us/cgi-bin/D/ travel.pkn2.go.th/img/AMqX1nFdEOnmk/ trivet.co.jp/css/itmXV55DnDn8MyXdeE8/ tryst.cz/sqluploads/qt0ExthG2Nnz/ /css/itmXV55DnDn8MyXdeE8/ /img/AMqX1nFdEOnmk/ /sqluploads/qt0ExthG2Nnz/ /AMqX1nFdEOnmk/ /itmXV55DnDn8MyXdeE8/ /qt0ExthG2Nnz/ # Reference: https://twitter.com/Cryptolaemus1/status/1535284154660626432 faisonfilms.com/wp-includes/5dszuc8mMSA4S0W9/ meconser.com/banner/tP8p/ topvipescortsclub.com/assets/eyA58rpFze5Gq/ wp.eryaz.net/bayar1/GQSMsqjA2/ /assets/eyA58rpFze5Gq/ /bayar1/GQSMsqjA2/ /wp-includes/5dszuc8mMSA4S0W9/ /5dszuc8mMSA4S0W9/ /eyA58rpFze5Gq/ /GQSMsqjA2/ # Reference: https://twitter.com/Cryptolaemus1/status/1535343209236557824 ftp.yuecmr.org/wp-content/Fa/ macssolutions.co.uk/cgi-bin/m3SRMIMsx2AZqvgJ/ zvdesign.info/components/FDz/ /cgi-bin/m3SRMIMsx2AZqvgJ/ /m3SRMIMsx2AZqvgJ/ # Reference: https://twitter.com/Cryptolaemus1/status/1535388083730153472 hosting107068.a2f2a.netcup.net/career/99dtjWgQEmTtpt6C31/ napolni.me/3r/uF/ stellarsummit.97.double.in.th/assets/XbmebQRsUVHL0j/ zoompixel.com.br/wp-admin/qHS/ /assets/XbmebQRsUVHL0j/ /career/99dtjWgQEmTtpt6C31/ /99dtjWgQEmTtpt6C31/ /XbmebQRsUVHL0j/ # Reference: https://twitter.com/Cryptolaemus1/status/1536120791552512000 vietroll.vn/wp-content/k9tSTiW1CosKYJOjxd/ web4nothing.com/cgi-bin/xsKuBKuQYhYz/ webpartner.fr/language/mTbIHL2P12uJ3MJlL/ /application/OP4L7MV21hbub4/ /cgi-bin/xsKuBKuQYhYz/ /language/mTbIHL2P12uJ3MJlL/ /wp-content/k9tSTiW1CosKYJOjxd/ /k9tSTiW1CosKYJOjxd/ /mTbIHL2P12uJ3MJlL/ /OP4L7MV21hbub4/ /xsKuBKuQYhYz/ # Reference: https://twitter.com/Cryptolaemus1/status/1536239833001394177 ftp.yuecmr.org/wp-content/ABEmXjp2yexi/ lopespublicidade.com/cgi-bin/iCKDPIc9MPfP5MGT/ zachboyle.com/wp-admin/5sRA5YIwMfw4cgL/ /cgi-bin/iCKDPIc9MPfP5MGT/ /wp-admin/5sRA5YIwMfw4cgL/ /wp-content/ABEmXjp2yexi/ /5sRA5YIwMfw4cgL/ /ABEmXjp2yexi/ /iCKDPIc9MPfP5MGT/ # Reference: https://twitter.com/Cryptolaemus1/status/1536266890427142144 hangaryapi.com.tr/wp-admin/E1gb6ognvvn8HX/ kbmpti.filkom.ub.ac.id/config/LdgfVAaCy/ mass-gardinen-shop.de/css/AHE8baLiW/ nazreghadir.ir/wp-includes/kaiSEoHGa/ /css/AHE8baLiW/ /config/LdgfVAaCy/ /wp-admin/E1gb6ognvvn8HX/ /wp-includes/kaiSEoHGa/ /AHE8baLiW/ /E1gb6ognvvn8HX/ /kaiSEoHGa/ /LdgfVAaCy/ # Reference: https://twitter.com/Cryptolaemus1/status/1536259739310759936 yahir-fz.com/joy/ukKbmDGhmvSeFPgc/ yakosurf.com/wp-includes/pEIRmwLFb/ /joy/ukKbmDGhmvSeFPgc/ /wp-includes/pEIRmwLFb/ /pEIRmwLFb/ /ukKbmDGhmvSeFPgc/ # Reference: https://twitter.com/Cryptolaemus1/status/1536300967809130497 agrofar.net/wp-includes/9l/ naturalpremiumtraining.ch/SzrkGMyDKD/B5sqv641iBZRadB/ taltus.co.uk/ZI1MLTU4Iww3LtnrAPg/ /SzrkGMyDKD/B5sqv641iBZRadB/ /B5sqv641iBZRadB/ /SzrkGMyDKD/ /ZI1MLTU4Iww3LtnrAPg/ # Reference: https://twitter.com/Cryptolaemus1/status/1536387530009870336 descontador.com.br/stats/RJi2rQI4QXrWCfgdmi/ dhnconstrucciones.com.ar/wp-admin/Sm02ZsVDYWdoTb7rqL/ dilsrl.com/phone/pfip5m/ drechslerstammtisch.de/fonts/ZAyXbsf/ el-energiaki.gr/wp-includes/IdrVKOGYMQodu7IlOIh/ elaboro.pl/imgs/JZH2GIHtoO7/ /fonts/ZAyXbsf/ /imgs/JZH2GIHtoO7/ /phone/pfip5m/ /stats/RJi2rQI4QXrWCfgdmi/ /wp-admin/Sm02ZsVDYWdoTb7rqL/ /wp-includes/IdrVKOGYMQodu7IlOIh/ /IdrVKOGYMQodu7IlOIh/ /JZH2GIHtoO7/ /RJi2rQI4QXrWCfgdmi/ /Sm02ZsVDYWdoTb7rqL/ /ZAyXbsf/ # Reference: https://twitter.com/Cryptolaemus1/status/1536386595901046784 hathaabeach.com/documents/xbZxXi/ tekstiluzmangorusu.com/wp-admin/VThSCtERM5Hj/ zhivir.com/wp/yrqupT1QwXuRdX3/ /documents/xbZxXi/ /wp-admin/VThSCtERM5Hj/ /wp/yrqupT1QwXuRdX3/ /VThSCtERM5Hj/ /xbZxXi/ /yrqupT1QwXuRdX3/ # Reference: https://twitter.com/Cryptolaemus1/status/1536601427103035392 aacl.co.in/images/7CMc2NlOosD4pn6ljDw/ alpsawnings.co.za/logs/KMa83/ alrotec.co.uk/wp-includes/DD2jwgazTKsp/ /images/7CMc2NlOosD4pn6ljDw/ /logs/KMa83/ /wp-includes/DD2jwgazTKsp/ /7CMc2NlOosD4pn6ljDw/ /DD2jwgazTKsp/ # Reference: https://twitter.com/Cryptolaemus1/status/1536474951162773505 bpsjambi.id/about/RTZ0AQ1/ hosting107068.a2f2a.netcup.net/career/0mtNNfbZ/ /about/RTZ0AQ1/ /career/0mtNNfbZ/ /0mtNNfbZ/ /RTZ0AQ1/ # Reference: https://twitter.com/Cryptolaemus1/status/1536609335790665728 airhobi.com/system/gbh/ akdalarabic.com/cgi-bin/lmqmGv5s/ yesdeko.com/stats/xdlT/ zonetuner.com/licenses/QC4rII7/ /cgi-bin/lmqmGv5s/ /licenses/QC4rII7/ /lmqmGv5s/ /QC4rII7/ # Reference: https://twitter.com/Cryptolaemus1/status/1536652527240122368 andecam.com.ar/flyer-julio-2017-clientes/1heVrMvqUIgje/ deadcode200.c1.biz/js/BZjzK85jtrVUyl6cvbj/ hello-front.thlab.ru/favicon/fssoZs4b/ wordpress.agrupem.com/wp-admin/c7WVBumf5iYALK/ /favicon/fssoZs4b/ /flyer-julio-2017-clientes/1heVrMvqUIgje/ /js/BZjzK85jtrVUyl6cvbj/ /wp-admin/c7WVBumf5iYALK/ /1heVrMvqUIgje/ /BZjzK85jtrVUyl6cvbj/ /c7WVBumf5iYALK/ /fssoZs4b/ # Reference: https://twitter.com/Cryptolaemus1/status/1536469819997925376 agitasi.id/m/qLCZWt/ computercollegiate.com.pk/wp-admin/q69DZX4kKZ6ssRQ/ djhost.nl/8HOicoBufQNbjbM/ /wp-admin/q69DZX4kKZ6ssRQ/ /8HOicoBufQNbjbM/ /q69DZX4kKZ6ssRQ/ # Reference: https://twitter.com/Cryptolaemus1/status/1536669757973311488 aesiafrique.com/azerty/Xiuf0wUfv1yl/ agentofficetest.com/Uploads/gyF0i2X/ cabinet-psyche.com/eCMdgqeC9jjE/ /azerty/Xiuf0wUfv1yl/ /Uploads/gyF0i2X/ /eCMdgqeC9jjE/ /gyF0i2X/ /Xiuf0wUfv1yl/ # Reference: https://twitter.com/Cryptolaemus1/status/1536704022631002113 akarweb.net/cgi-bin/DeZ4p4xG/ cabans.com/CeudWYRQEzZgrHPcI/ calzadoyuyin.com/cgj-bin/jZPff/ /cgi-bin/DeZ4p4xG/ /cgj-bin/jZPff/ /CeudWYRQEzZgrHPcI/ /DeZ4p4xG/ # Reference: https://twitter.com/Cryptolaemus1/status/1536725293419077633 awam.be/moi/seYtEQPAW/ balcaodasmarcas.com/wp-content/X5plOf5lcRhDMfzy3/ fundacioncedes.org/_installation/vjglk6ECI/ mulmatdol.com/adm/lg46WOQGCq37Qedak/ wijsneusmedia.nl/cgi-bin/xNMrVukyjq2kmdO/ zenprod.com/im_edit/2w/ /_installation/vjglk6ECI/ /adm/lg46WOQGCq37Qedak/ /cgi-bin/xNMrVukyjq2kmdO/ /moi/seYtEQPAW/ /wp-content/X5plOf5lcRhDMfzy3/ /lg46WOQGCq37Qedak/ /seYtEQPAW/ /vjglk6ECI/ /X5plOf5lcRhDMfzy3/ /xNMrVukyjq2kmdO/ # Reference: https://twitter.com/Cryptolaemus1/status/1536693252136800257 anima-terapie.cz/language/zZGGKg/ thuybaohuy.com/wp-content/ruzWQQkqn3ocIKVoPwB/ wilusz.pl/f5a02c0b/bD/ /f5a02c0b/bD/ /language/zZGGKg/ /wp-content/ruzWQQkqn3ocIKVoPwB/ /ruzWQQkqn3ocIKVoPwB/ # Reference: https://twitter.com/Cryptolaemus1/status/1536717329332989952 cagranus.com/slide/mcqAFuMhaekn/ valyval.com/pun/VAYL/ /slide/mcqAFuMhaekn/ /mcqAFuMhaekn/ # Reference: https://twitter.com/Cryptolaemus1/status/1536786211922407424 ingelse.net/ndMmqxh/ kwickconnect.com/im-messenger/Szrb9EthOX91/ manchesterslt.co.uk/a-to-z-of-slt/xOgw/ /im-messenger/Szrb9EthOX91/ /a-to-z-of-slt/xOgw/ /a-to-z-of-slt/ /ndMmqxh/ /Szrb9EthOX91/ # Reference: https://twitter.com/Cryptolaemus1/status/1536792075898716160 cashmailsystem.com/upload/XmPSGLcygR7/ /upload/XmPSGLcygR7/ /XmPSGLcygR7/ # Reference: https://twitter.com/Cryptolaemus1/status/1536845301612683264 balticcontrolbd.com/cgi-bin/Gu0xno0kIssGJF8/ careofu.com/PHPExcel/sQ78BedribNJZbGYj/ cedeco.es/js/n74fS/ fikti.bem.gunadarma.ac.id/SDM/qNeMUe2RvxdvuRlf/ /cgi-bin/Gu0xno0kIssGJF8/ /PHPExcel/sQ78BedribNJZbGYj/ /SDM/qNeMUe2RvxdvuRlf/ /Gu0xno0kIssGJF8/ /qNeMUe2RvxdvuRlf/ /sQ78BedribNJZbGYj/ # Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-06-14%20Emotet%20(E4)%20%232%20IOCs 144.91.78.55:443 172.105.226.75:8080 207.148.79.14:8080 45.186.16.18:443 51.161.73.194:443 64.227.100.222:8080 # Reference: https://twitter.com/Cryptolaemus1/status/1536974575686152197 cansal.cl/cgi-bin/besSIJTfOk0DtHZR/ cecambrils.cat/wp-content/0KwOSfNDESlzVMoc/ chalkie.me.uk/cgi-bin/gMLuebzG2RskkJXwY/ /cgi-bin/besSIJTfOk0DtHZR/ /cgi-bin/gMLuebzG2RskkJXwY/ /wp-content/0KwOSfNDESlzVMoc/ /0KwOSfNDESlzVMoc/ /besSIJTfOk0DtHZR/ /gMLuebzG2RskkJXwY/ # Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-06-15%20Emotet%20(E4)%20AM%20IOCs bubblefootballeurope.de/wp-admin/3aMMnYP/ byrdnest3.com/cgi-bin/TEq/ carbonbros.co.za/logs/KSTJNdxZ73hIZPKddEDT/ casov.com/proxy/kk0OWcstqPOOyeG/ /logs/KSTJNdxZ73hIZPKddEDT/ /proxy/kk0OWcstqPOOyeG/ /wp-admin/3aMMnYP/ /3aMMnYP/ /kk0OWcstqPOOyeG/ /KSTJNdxZ73hIZPKddEDT/ # Reference: https://twitter.com/Cryptolaemus1/status/1537304350917554176 athanlifeapi.com.ar/Archivos/UHjXQM6L23N/ beeslandkerman.ir/XPFvBDrNkT/lUkOx4VAOizId7u/ boraintercambios.com.br/wp-includes/AN4ixiH4Th/ brb-ljubuski.com/wp-content/2MODCk0UZasTCL6tm/ breakdownlanemovie.com/wp-admin/ZMU4aSaYleS/ brigadir.com/bkp/SwrVs4yU/ bsbmakina.com.tr/logo/eVWaAWm/ bubblefootballeurope.de/wp-admin/3aMMnYP/ buddymorel.com/AoNghcuIc6q7BEKp4/ bureauinternacional.com.ar/contador-analista-proyectos/2w/ byrdnest3.com/cgi-bin/TEq/ cannipius.nl/cgi-bin/TgPA/ carbonbros.co.za/logs/KSTJNdxZ73hIZPKddEDT/ casov.com/proxy/kk0OWcstqPOOyeG/ cerdi.com/_derived/J4Fu7VmGZQ7rGA/ chaledooleo.com.br/headers/nwQNCuxK0k5OwyXSPyP/ chasingmavericks.co.ke/agendaafrikadebates.co.ke/QznOFMKV9R/ handboog6.nl/META-INF/f/ /_derived/J4Fu7VmGZQ7rGA/ /agendaafrikadebates.co.ke/QznOFMKV9R/ /AoNghcuIc6q7BEKp4/ /Archivos/UHjXQM6L23N/ /bkp/SwrVs4yU/ /contador-analista-proyectos/2w/ /headers/nwQNCuxK0k5OwyXSPyP/ /logo/eVWaAWm/ /logs/KSTJNdxZ73hIZPKddEDT/ /proxy/kk0OWcstqPOOyeG/ /wp-admin/3aMMnYP/ /wp-admin/ZMU4aSaYleS/ /wp-content/2MODCk0UZasTCL6tm/ /wp-includes/AN4ixiH4Th/ /XPFvBDrNkT/lUkOx4VAOizId7u/ /2MODCk0UZasTCL6tm/ /3aMMnYP/ /AN4ixiH4Th/ /AoNghcuIc6q7BEKp4/ /J4Fu7VmGZQ7rGA/ /KSTJNdxZ73hIZPKddEDT/ /QznOFMKV9R/ /SwrVs4yU/ /UHjXQM6L23N/ /XPFvBDrNkT/ /ZMU4aSaYleS/ /eVWaAWm/ /kk0OWcstqPOOyeG/ /lUkOx4VAOizId7u/ /nwQNCuxK0k5OwyXSPyP/ # Reference: https://twitter.com/Cryptolaemus1/status/1538798038168154112 bascoysonido.com.ar/cgi-bin/AmUUPhWK6oTKLzHpl7zm/ basnetbd.com/ckfinder/K0a/ bdtin.com/cache/4G8pl/ /cgi-bin/AmUUPhWK6oTKLzHpl7zm/ /cache/4G8pl/ /ckfinder/K0a/ /AmUUPhWK6oTKLzHpl7zm/ # Reference: https://twitter.com/Cryptolaemus1/status/1538831511713366016 colordropsgu.com/7DORfidiAu/BquoSU/ ewingconsulting.com/buy/Ewj7oYjhYQ/ thuybaohuy.com/wp-content/VxhkYwH7/ /7DORfidiAu/BquoSU/ /buy/Ewj7oYjhYQ/ /wp-content/VxhkYwH7/ /7DORfidiAu/ /BquoSU/ /Ewj7oYjhYQ/ /VxhkYwH7/ # Reference: https://twitter.com/Cryptolaemus1/status/1538840577139040264 ceramicalafortaleza.com/css/5DSBCCH0/ /css/5DSBCCH0/ /5DSBCCH0/ # Reference: https://twitter.com/Cryptolaemus1/status/1538927479964192769 buildgujarat.com/wp-admin/oJV7bk9onm/ bvirtual.com/affinita/kCO/ cfp-courses.com/key/hs27/ fundacioncedes.org/_installation/oDPga6nfhkRo/ /_installation/oDPga6nfhkRo/ /wp-admin/oJV7bk9onm/ /oDPga6nfhkRo/ /oJV7bk9onm/ # Reference: https://twitter.com/Cryptolaemus1/status/1539228614532960257 digitalkhulna.com/wp-admin/L2z2e/ dnahealth.gr/wp-content/QkkKMaLwy4jURh6FD/ eapro.in/wp-admin/sf2MppPW30cKaWeko/ /wp-admin/sf2MppPW30cKaWeko/ /wp-content/QkkKMaLwy4jURh6FD/ /QkkKMaLwy4jURh6FD/ /sf2MppPW30cKaWeko/ # Reference: https://twitter.com/Cryptolaemus1/status/1539238983334756352 campusconindigital.org/moodle_old/9giglHrg2t/ /moodle_old/9giglHrg2t/ /9giglHrg2t/ # Reference: https://twitter.com/Cryptolaemus1/status/1539296628234141696 brooklynservicesgroup.com/inc/pIyuM/ centurypapers.com/classes/pWG9OiW050VLSs/ chainandpyle.com/Old/UlfGGNN6xbau/ charmslovespells.com/yt-assets/ZcCNJI1B/ /classes/pWG9OiW050VLSs/ /Old/UlfGGNN6xbau/ /yt-assets/ZcCNJI1B/ /pWG9OiW050VLSs/ /UlfGGNN6xbau/ /ZcCNJI1B/ # Reference: https://twitter.com/Cryptolaemus1/status/1539325124549021696 controlnetworks.com.au/wp-content/Pgb43ikTIobH/ dh.net.br/catalogo1/0cJpUJXBhuBaMdVWQf/ subbalakshmi.com/data_winning/kYv6xb/ webhoanggia.com/wp-admin/r6f3vv8ukiZjeW/ /catalogo1/0cJpUJXBhuBaMdVWQf/ /data_winning/kYv6xb/ /wp-admin/r6f3vv8ukiZjeW/ /wp-content/Pgb43ikTIobH/ /0cJpUJXBhuBaMdVWQf/ /kYv6xb/ /Pgb43ikTIobH/ /r6f3vv8ukiZjeW/ # Reference: https://twitter.com/Cryptolaemus1/status/1539511229210763264 aysbody.com/catalog/bwC1Xuouo/ bosny.com/aspnet_client/jBnf4JopKAybRZb7U/ cashmailsystem.com/upload/xsVEPr4708Uk/ thuybaohuy.com/wp-content/6O4JMYNFBxOXta/ /aspnet_client/jBnf4JopKAybRZb7U/ /catalog/bwC1Xuouo/ /upload/xsVEPr4708Uk/ /wp-content/6O4JMYNFBxOXta/ /6O4JMYNFBxOXta/ /bwC1Xuouo/ /jBnf4JopKAybRZb7U/ /xsVEPr4708Uk/ # Reference: https://twitter.com/Cryptolaemus1/status/1539524592204918784 dploy.nl/css/XLxbVjAta7vVC/ m-ainsurance.com/wp-admin/ORiPBStKNOnIV/ starluckycentre.com/data_winning/NgmBH48GCzovEIAgJY/ thegoodneighbourapp.com/cgi-bin/h4/ /css/XLxbVjAta7vVC/ /data_winning/NgmBH48GCzovEIAgJY/ /wp-admin/ORiPBStKNOnIV/ /NgmBH48GCzovEIAgJY/ /ORiPBStKNOnIV/ /XLxbVjAta7vVC/ # Reference: https://twitter.com/Cryptolaemus1/status/1539664771670474752 autosmorla.es/tmp/vi98YEQq/ disperindag.garutkab.go.id/stokggarut/EdZ43/ greenvalleyschool.com/rand_images/NT5NjK6o/ kairaliagencies.com/data_winning/RDN/ kwickconnect.com/im-messenger/hlSpL5nHop/ mulmatdol.com/adm/HH6rxyB/ nlasandbox.com/facebookpage/5XVwDnX/ /adm/HH6rxyB/ /data_winning/RDN/ /facebookpage/5XVwDnX/ /im-messenger/hlSpL5nHop/ /rand_images/NT5NjK6o/ /stokggarut/EdZ43/ /tmp/vi98YEQq/ /5XVwDnX/ /HH6rxyB/ /hlSpL5nHop/ /NT5NjK6o/ /vi98YEQq/ # Reference: https://twitter.com/Cryptolaemus1/status/1540071123651420160 autosmorla.es/tmp/vi98YEQq/ balticcontrolbd.com/images/GG1d8an/ cabans.com/CeudWYRQEzZgrHPcI/yKANkXfH/ cheffsys.com/AZOTEA/QpZ/ clubnauticocordoba.com.ar/bonus.clubnauticocordoba.com.ar/sLCbz03rYfB25/ concivilpa.com.py/cgi-bin/glDvP/ contabilidadeplenus.com.br/ebooks/dIA4V2AnYEnQL/ cpcwiki.de/images/eFnHpREqu6Had9/ creativeme.co.th/cgi-bin/2yl1sJuaL9/ cunicultura.es/blogs/DUXTBlmDSYYggXEdXU2U/ dbr.hostingsdc.pl/smiecio/19VYfhHLp/ decorusfinancial.com/wp-content/OcbOIkcGol/ dhsh.com.ar/wp-admin/H38msg/ disperindag.garutkab.go.id/stokggarut/EdZ43/ diventuretravel.com/administrator/90DadpEYTaQO1A/ djunreal.co.uk/cat/ObaACSyp07uQ41g/ dnautik.com/wp-includes/8GgXiL4N/ document.vpservice-online.com/img/cPPHgfsrA/ domyzizka.cz/js/Zbp4R/ dreams4tomorrow.org/hello/LwqLT9bzX2q/ drmetz.com/vP5MxJXIyFx/ drviniciusterra.com.br/wp-content/QMY/ dscaluya.6te.net/feedback/hi/ dulichdichvu.net/libraries/kq9ezWhY4K7sBjKV/ dusangerzicgera.com/App_Data/ZY7heGPNpm7b4Zw/ e-xim.pl/_ftp/0I6h9suZ8CRS/ eapro.in/wp-admin/cb/ ebuysa.co.za/yt-assets/ihhwpLg/ eportfolio-bizcom.msci.dusit.ac.th/e_port/AYB2aG2/ goldenheartk9s.org/2tbcs/LkUxcRQU/ greenvalleyschool.com/rand_images/NT5NjK6o/ kairaliagencies.com/data_winning/RDN/ kwickconnect.com/im-messenger/hlSpL5nHop/ mulmatdol.com/adm/HH6rxyB/ nlasandbox.com/facebookpage/5XVwDnX/ rec-escape.com/dev1/7hMk6v/ smbfranchising.com/wp-content/dpFsBFA2LfYk3mlN/ /2tbcs/LkUxcRQU/ /AZOTEA/QpZ/ /App_Data/ZY7heGPNpm7b4Zw/ /CeudWYRQEzZgrHPcI/yKANkXfH/ /_ftp/0I6h9suZ8CRS/ /adm/HH6rxyB/ /administrator/90DadpEYTaQO1A/ /blogs/DUXTBlmDSYYggXEdXU2U/ /bonus.clubnauticocordoba.com.ar/sLCbz03rYfB25/ /cat/ObaACSyp07uQ41g/ /cgi-bin/2yl1sJuaL9/ /cgi-bin/glDvP/ /data_winning/RDN/ /dev1/7hMk6v/ /e_port/AYB2aG2/ /ebooks/dIA4V2AnYEnQL/ /facebookpage/5XVwDnX/ /hello/LwqLT9bzX2q/ /im-messenger/hlSpL5nHop/ /images/GG1d8an/ /images/eFnHpREqu6Had9/ /img/cPPHgfsrA/ /js/Zbp4R/ /libraries/kq9ezWhY4K7sBjKV/ /rand_images/NT5NjK6o/ /smiecio/19VYfhHLp/ /stokggarut/EdZ43/ /tmp/vi98YEQq/ /wp-admin/H38msg/ /wp-admin/cb/ /wp-content/OcbOIkcGol/ /wp-content/QMY/ /wp-content/dpFsBFA2LfYk3mlN/ /wp-includes/8GgXiL4N/ /yt-assets/ihhwpLg/ /0I6h9suZ8CRS/ /19VYfhHLp/ /2tbcs/ /2yl1sJuaL9/ /5XVwDnX/ /7hMk6v/ /8GgXiL4N/ /90DadpEYTaQO1A/ /AYB2aG2/ /CeudWYRQEzZgrHPcI/ /cPPHgfsrA/ /dIA4V2AnYEnQL/ /dpFsBFA2LfYk3mlN/ /DUXTBlmDSYYggXEdXU2U/ /eFnHpREqu6Had9/ /GG1d8an/ /H38msg/ /HH6rxyB/ /hlSpL5nHop/ /ihhwpLg/ /kq9ezWhY4K7sBjKV/ /LkUxcRQU/ /LwqLT9bzX2q/ /NT5NjK6o/ /ObaACSyp07uQ41g/ /OcbOIkcGol/ /sLCbz03rYfB25/ /vi98YEQq/ /vP5MxJXIyFx/ /yKANkXfH/ /ZY7heGPNpm7b4Zw/ # Reference: https://twitter.com/Cryptolaemus1/status/1541455043970289666 collabsolutions.co.za/libraries/qn8LLQ66K/ comecebem.com/wp-admin/WvCd0OfZD/ congtycamvinh.com/plugins/rwPRWazNkGzg/ dotcompany.com.br/autoupdate/WVzrARSu74NtSh61uF/ /autoupdate/WVzrARSu74NtSh61uF/ /libraries/qn8LLQ66K/ /plugins/rwPRWazNkGzg/ /wp-admin/WvCd0OfZD/ /qn8LLQ66K/ /rwPRWazNkGzg/ /WvCd0OfZD/ /WVzrARSu74NtSh61uF/ # Reference: https://twitter.com/Cryptolaemus1/status/1541501652473348096 clickmarlow.co.uk/3/xD/ clirtec.com/Q/ clotizen.dothome.co.kr/members/lZTkIb3OkjcV/ ecube.com.mx/eNN4CdXSZNfI/sW/ /members/lZTkIb3OkjcV/ /eNN4CdXSZNfI/sW/ /eNN4CdXSZNfI/ /lZTkIb3OkjcV/ # Reference: https://twitter.com/Cryptolaemus1/status/1541514950820364288 comhina.us/wp-admin/BqXXttOa3XLjg1u/ corporaciondominic.pe/img/dkP/ groupetqg.sn/css/LwnjuVS1fUFpRDg6j/ llev.com.br/app/Rdc1mvTcSSjLl3z/ /app/Rdc1mvTcSSjLl3z/ /css/LwnjuVS1fUFpRDg6j/ /wp-admin/BqXXttOa3XLjg1u/ /BqXXttOa3XLjg1u/ /LwnjuVS1fUFpRDg6j/ /Rdc1mvTcSSjLl3z/ # Reference: https://twitter.com/Cryptolaemus1/status/1541669353619599361 dusangerzicgera.com/App_Data/RiZCHA/ smbfranchising.com/wp-content/LKQlLKENda0/ ybp.rpmediateam.com/wp-includes/uU0hig4dnTtbaW/ /App_Data/RiZCHA/ /wp-content/LKQlLKENda0/ /wp-includes/uU0hig4dnTtbaW/ /LKQlLKENda0/ /RiZCHA/ /uU0hig4dnTtbaW/ # Reference: https://twitter.com/Cryptolaemus1/status/1541532027039518720 clubaero.nl/cJJLfpp27Ze5DuC2/TENAeuVUB/ cmsv.cv/dol/VIkPf1vZMlMnYEsL9B/ greenvalleyschool.com/rand_images/bqeuVAN6B7LhN7hx/ /cJJLfpp27Ze5DuC2/TENAeuVUB/ /dol/VIkPf1vZMlMnYEsL9B/ /rand_images/bqeuVAN6B7LhN7hx/ /bqeuVAN6B7LhN7hx/ /cJJLfpp27Ze5DuC2/ /TENAeuVUB/ /VIkPf1vZMlMnYEsL9B/ # Reference: https://twitter.com/Cryptolaemus1/status/1541690240263282688 construlandia.com/templates/SGbVH/ corpuslender.com/wp-content/1Ct3JyyZxKrywIr/ encuadernacionesartis.com/gcBjAvx/XFbc014fTyATJhss/ erp.pinaken.com/appPhoto/1nDHhHb7eso9uJhEDoX/ /appPhoto/1nDHhHb7eso9uJhEDoX/ /gcBjAvx/XFbc014fTyATJhss/ /templates/SGbVH/ /wp-content/1Ct3JyyZxKrywIr/ /1Ct3JyyZxKrywIr/ /1nDHhHb7eso9uJhEDoX/ /gcBjAvx/ /XFbc014fTyATJhss/ # Reference: https://www.virustotal.com/gui/file/005e381cb39d53c4574f418f8fd4349fa2ad582950b62b08e8064be580f11d3c/detection 156.255.212.186:8611 # Reference: https://twitter.com/Cryptolaemus1/status/1541776923575013376 advanzabpo.com/fonts/K1cXL8XJarbXYL0Spr/ asaferefuge.org/wp-admin/2LO/ cashmailsystem.com/upload/yRC05/ ewingconsulting.com/wp-includes/B4ZzwwImcXf6w8/ /fonts/K1cXL8XJarbXYL0Spr/ /wp-includes/B4ZzwwImcXf6w8/ /B4ZzwwImcXf6w8/ /K1cXL8XJarbXYL0Spr/ # Reference: https://twitter.com/Cryptolaemus1/status/1541776860623048704 corporateissolutions.com/administrator/xOEXwASH3uUe/ curite.net/cgi-bin/1IXkx/ decorusfinancial.com/wp-content/4E3HMlzDpriI3MZ0fp/ kairaliagencies.com/data_winning/kWV0fTwakEvHJUKF/ /administrator/xOEXwASH3uUe/ /cgi-bin/1IXkx/ /data_winning/kWV0fTwakEvHJUKF/ /wp-content/4E3HMlzDpriI3MZ0fp/ /4E3HMlzDpriI3MZ0fp/ /kWV0fTwakEvHJUKF/ /xOEXwASH3uUe/ # Reference: https://twitter.com/Cryptolaemus1/status/1542019387972263936 bruidsfotografie-breda.nl/cache/QPk/ chawkyfrenn.com/icon/JtT/ chillpassion.com/wp-content/nd4wjKgokzKbKH0DQDD/ chiptochip.es/alojamiento-web/dofwXVVQ3hvsp/ /alojamiento-web/dofwXVVQ3hvsp/ /wp-content/nd4wjKgokzKbKH0DQDD/ /dofwXVVQ3hvsp/ /nd4wjKgokzKbKH0DQDD/ # Reference: https://twitter.com/Cryptolaemus1/status/1541887086600392709 chaledooleo.com.br/headers/q7JUE0LzZJQsCQ/ charmslovespells.com/yt-assets/ouRMgGG/ centurypapers.com/classes/jNaLifXh9jHzIb/ cesasin.com.ar/administrator/U12P8KYU/ /administrator/U12P8KYU/ /classes/jNaLifXh9jHzIb/ /headers/q7JUE0LzZJQsCQ/ /yt-assets/ouRMgGG/ /jNaLifXh9jHzIb/ /ouRMgGG/ /q7JUE0LzZJQsCQ/ /U12P8KYU/ # Reference: https://twitter.com/Cryptolaemus1/status/1541903389885624321 document.vpservice-online.com/img/M6rkbsbyTtjk/ starluckycentre.com/data_winning/jKKGZ2/ subbalakshmi.com/data_winning/gzPasNcjGsBU/ /data_winning/jKKGZ2/ /data_winning/gzPasNcjGsBU/ /img/M6rkbsbyTtjk/ /gzPasNcjGsBU/ /jKKGZ2/ /M6rkbsbyTtjk/ # Reference: https://twitter.com/Cryptolaemus1/status/1542091077955354624 blessingsource.com/wp-admin/mX05YNbiSuwRhURh/ bosny.com/aspnet_client/3HKzQi/ cabans.com/CeudWYRQEzZgrHPcI/qY1HHnP5Av3fvb11s/ dhcmart.com/js/izJrXjec/ /aspnet_client/3HKzQi/ /CeudWYRQEzZgrHPcI/qY1HHnP5Av3fvb11s/ /js/izJrXjec/ /wp-admin/mX05YNbiSuwRhURh/ /3HKzQi/ /CeudWYRQEzZgrHPcI/ /izJrXjec/ /mX05YNbiSuwRhURh/ /qY1HHnP5Av3fvb11s/ # Reference: https://twitter.com/Cryptolaemus1/status/1542098582429261824 bramynapilota.com.pl/wp-admin/xCZp8SgBtmxELi/ camcha.cl/wp-admin/uaGdFOaYvx9p0sHuur/ caravanasitsaso.es/wp-content/dYbHrCM41ZJ9/ drcno.sk/_sub/kweb8e/ /wp-admin/xCZp8SgBtmxELi/ /wp-admin/uaGdFOaYvx9p0sHuur/ /wp-content/dYbHrCM41ZJ9/ /_sub/kweb8e/ /dYbHrCM41ZJ9/ /uaGdFOaYvx9p0sHuur/ /xCZp8SgBtmxELi/ # Reference: https://twitter.com/Cryptolaemus1/status/1542144763171856387 coolcraft.at/wordpress/aAr/ # Reference: https://twitter.com/Cryptolaemus1/status/1542202381823143936 bamassociates.net/admin/cDRv5kGpHxun9RP/ bencevendeghaz.hu/wp-includes/zWV5RmHTSn8eaP/ cs14productions.com/nav2/Om8zPGbo1ryK0hym/ /admin/cDRv5kGpHxun9RP/ /nav2/Om8zPGbo1ryK0hym/ /wp-includes/zWV5RmHTSn8eaP/ /cDRv5kGpHxun9RP/ /Om8zPGbo1ryK0hym/ /zWV5RmHTSn8eaP/ # Reference: https://twitter.com/Cryptolaemus1/status/1542165090644148224 corneliussen.dk/wp-includes/hZ1hsgTdbppDlYP/ cosole.dk/wp-includes/U/ diarioaldia.com.ar/admin/Bzq5zzq8CAYy/ garantihaliyikama.com/wp-admin/CcxWGjZEjriZ9zMdsP/ kspintidana.com/wp-admin/jjiOcQAL/ mobiles-photostudio.com/MPS/uYUKsZhII1qQ1/ zablimconsultancy.co.ke/musagala/pmOVrwAwG/ /admin/Bzq5zzq8CAYy/ /MPS/uYUKsZhII1qQ1/ /musagala/pmOVrwAwG/ /wp-admin/CcxWGjZEjriZ9zMdsP/ /wp-admin/jjiOcQAL/ /wp-includes/hZ1hsgTdbppDlYP/ /Bzq5zzq8CAYy/ /CcxWGjZEjriZ9zMdsP/ /hZ1hsgTdbppDlYP/ /jjiOcQAL/ /pmOVrwAwG/ /uYUKsZhII1qQ1/ # Reference: https://twitter.com/Cryptolaemus1/status/1542223425040551936 charmingsoftech.com/AMMAN/lq7ihucFtWWFliuiuK/ /AMMAN/lq7ihucFtWWFliuiuK/ /lq7ihucFtWWFliuiuK/ # Reference: https://twitter.com/Cryptolaemus1/status/1542262288723615745 fcstradesolutions.com/cgi-bin/EKrh/ financialchile.com/art/nTXsGe8VHFLC5yH/ periodistesgolf.cat/tmp/c71/ reneetten.nl/Menu/jKiBaSmhgyBD3/ /art/nTXsGe8VHFLC5yH/ /Menu/jKiBaSmhgyBD3/ /jKiBaSmhgyBD3/ /nTXsGe8VHFLC5yH/ # Reference: https://twitter.com/Cryptolaemus1/status/1542405490801803264 aysbody.com/catalog/FlJ6iKCntAwfO85/ fikti.bem.gunadarma.ac.id/SDM/wC256Xn/ happyakrz.com/css/g4w1rdi/ hepsisifa.com/wp-content/T0kkNeOlvF/ /catalog/FlJ6iKCntAwfO85/ /css/g4w1rdi/ /SDM/wC256Xn/ /wp-content/T0kkNeOlvF/ /FlJ6iKCntAwfO85/ /g4w1rdi/ /T0kkNeOlvF/ /wC256Xn/ # Reference: https://twitter.com/Cryptolaemus1/status/1542423912080089088 hayalkatibi.com/catalog/pJix6SFfnbNWFMuu8m/ /catalog/pJix6SFfnbNWFMuu8m/ /pJix6SFfnbNWFMuu8m/ # Reference: https://twitter.com/Cryptolaemus1/status/1542541291879182339 cicerosd.com/wp-includes/KnC/ civcraft.net/0NB225K3VjLuJm/75nYicnqulFb/ gumushaliyikama.com.tr/images/53K7VVUhrbL/ guvenliksepeti.net/ygzz/wIvF/ /0NB225K3VjLuJm/75nYicnqulFb/ /images/53K7VVUhrbL/ /0NB225K3VjLuJm/ /53K7VVUhrbL/ /75nYicnqulFb/ # Reference: https://twitter.com/Cryptolaemus1/status/1542609163288584192 atelierkikala.com/Facebook/zWUe7fBXDJ/ brittknight.com/PHP/5bgKOXH0pM/ hadramout21.com/wp-includes/zt5Jk4CthZxbloJW/ /Facebook/zWUe7fBXDJ/ /PHP/5bgKOXH0pM/ /wp-includes/zt5Jk4CthZxbloJW/ /5bgKOXH0pM/ /zt5Jk4CthZxbloJW/ /zWUe7fBXDJ/ # Reference: https://twitter.com/Cryptolaemus1/status/1542647617737240577 astrogurusunilbarmola.com/css/kmy7FWW03Z2/ birebiregitim.net/wp-includes/kBhu9witwga0pg8GrgP/ ergbox.com/cgi-bin/JNB/ evashopping.thietkewebsitechuanseo.com/assets/rNAyQu/ forensisbilisim.com/wp-includes/tznAlaHXSY/ fullplateconsulting.com/_notes/aFZKot9/ fullwiz.com.br/erros/v2om35w/ fundaciontheoz.cl/pensamientooccidental/OGQK0eVU0RRxE0/ gxthanhtam.com/modules/cvH3FI3vRRmAxH/ /_notes/aFZKot9/ /assets/rNAyQu/ /css/kmy7FWW03Z2/ /erros/v2om35w/ /modules/cvH3FI3vRRmAxH/ /pensamientooccidental/OGQK0eVU0RRxE0/ /wp-includes/kBhu9witwga0pg8GrgP/ /wp-includes/tznAlaHXSY/ /OGQK0eVU0RRxE0/ /aFZKot9/ /cvH3FI3vRRmAxH/ /kBhu9witwga0pg8GrgP/ /kmy7FWW03Z2/ /rNAyQu/ /tznAlaHXSY/ /v2om35w/ # Reference: https://twitter.com/Cryptolaemus1/status/1542897896198406146 astrogurusunilbarmola.com/css/kmy7FWW03Z2/ birebiregitim.net/wp-includes/kBhu9witwga0pg8GrgP/ educacionsanvicentefundacion.com/iplookup/NmUBGEds2KgV/ exsite.pt/ocmods_meus/Yo7Zn4/ f5ajans.com/merthel/vvWRK/ federation-sardaniste.fr/calendrier/k46ShzQoCG/ firestoppers.co.za/language/L7bx4/ forensisbilisim.com/wp-includes/tznAlaHXSY/ fotowahn.ch/galleries/rfL4zx0IH7bZ2/ fullwiz.com.br/erros/v2om35w/ galaxy-catering.com.vn/galxy/nkW/ gedebey-tvradio.info/wp-includes/ydPz/ globartmag.com/images/8VAq5ZSSrbfHJFmzb/ greenlizard.co.za/amanah/INpHWowXue/ gtraff.com/wp-includes/fLx/ gxthanhtam.com/modules/cvH3FI3vRRmAxH/ helmprecision.com/Helm/main/css/F1RnG5nDhK/ oud-fit.nl/wp-admin/YxJGcfwvk/ peicovich.com/lavida/8xCoNjoBMhu1/ /amanah/INpHWowXue/ /calendrier/k46ShzQoCG/ /css/kmy7FWW03Z2/ /erros/v2om35w/ /galleries/rfL4zx0IH7bZ2/ /images/8VAq5ZSSrbfHJFmzb/ /iplookup/NmUBGEds2KgV/ /language/L7bx4/ /lavida/8xCoNjoBMhu1/ /merthel/vvWRK/ /modules/cvH3FI3vRRmAxH/ /ocmods_meus/Yo7Zn4/ /wp-admin/YxJGcfwvk/ /wp-includes/fLx/ /wp-includes/kBhu9witwga0pg8GrgP/ /wp-includes/tznAlaHXSY/ /wp-includes/ydPz/ /8VAq5ZSSrbfHJFmzb/ /8xCoNjoBMhu1/ /INpHWowXue/ /L7bx4/ /NmUBGEds2KgV/ /Yo7Zn4/ /YxJGcfwvk/ /cvH3FI3vRRmAxH/ /k46ShzQoCG/ /kBhu9witwga0pg8GrgP/ /kmy7FWW03Z2/ /rfL4zx0IH7bZ2/ /tznAlaHXSY/ /v2om35w/ # Reference: https://twitter.com/Cryptolaemus1/status/1542783929669029888 fundustry.net/sjaak/qu6Ha/ galaxy-catering.com.vn/galxy/nkW/ geoshot.org/photogrammetryservices.com/8JDPk/ greenlizard.co.za/amanah/INpHWowXue/ grouprobust.com/cgi-bin/NAf8vJWleV0Y6KerEIW/ guedala.com.br/cgi-bin/8hNjaOngZWq1lDIiz/ guiatvpro.com/emergency_mode/Iq4i1lSvE9V6fpLapS/ haircutbar.com/cgi-bin/Ibo/ helmprecision.com/Helm/main/css/F1RnG5nDhK/ osor-promet.si/blogs/6qZ5U03/ swork.pl/de/rA80zJo05lBHAT2cYOC/ /amanah/INpHWowXue/ /blogs/6qZ5U03/ /cgi-bin/8hNjaOngZWq1lDIiz/ /cgi-bin/NAf8vJWleV0Y6KerEIW/ /de/rA80zJo05lBHAT2cYOC/ /emergency_mode/Iq4i1lSvE9V6fpLapS/ /photogrammetryservices.com/8JDPk/ /6qZ5U03/ /8hNjaOngZWq1lDIiz/ /INpHWowXue/ /Iq4i1lSvE9V6fpLapS/ /NAf8vJWleV0Y6KerEIW/ /rA80zJo05lBHAT2cYOC/ # Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-06-30%20Emotet%20(E4)%20IOCs 104.168.155.143:8080 135.148.6.80:443 139.59.126.41:443 213.239.212.5:443 45.55.191.130:443 # Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-06-27%20Emotet%20(E4)%20IOCs 139.162.113.169:8080 45.76.181.158:443 # Reference: https://twitter.com/Cryptolaemus1/status/1543712014673264640 birebiregitim.net/wp-includes/6TZYwP7KzCD/ financialchile.com/art/7Youv4A9Kf/ francite.net/images/fT7/ guvenliksepeti.net/ygzz/u5FoPrW8qKzgI/ /art/7Youv4A9Kf/ /wp-includes/6TZYwP7KzCD/ /ygzz/u5FoPrW8qKzgI/ /6TZYwP7KzCD/ /7Youv4A9Kf/ /u5FoPrW8qKzgI/ # Reference: https://twitter.com/Cryptolaemus1/status/1543744113883103234 ent.draftserver.com/cgi-bin/q0T43kuB3QeVjr9Zn7MB/ evosp.com.br/doli/yupRZccN20nUJW4/ garantihaliyikama.com/wp-admin/rbA4tnGz3iFzA8/ reneetten.nl/Menu/zRiacFs/ /cgi-bin/q0T43kuB3QeVjr9Zn7MB/ /doli/yupRZccN20nUJW4/ /Menu/zRiacFs/ /wp-admin/rbA4tnGz3iFzA8/ /q0T43kuB3QeVjr9Zn7MB/ /rbA4tnGz3iFzA8/ /yupRZccN20nUJW4/ /zRiacFs/ # Reference: https://twitter.com/Cryptolaemus1/status/1543857718196285441 educacionsanvicentefundacion.com/iplookup/wYEInbaN/ gedebey-tvradio.info/wp-includes/T0J9THbd5f2/ haircutbar.com/cgi-bin/dNfEA5F/ /cgi-bin/dNfEA5F/ /iplookup/wYEInbaN/ /wp-includes/T0J9THbd5f2/ /dNfEA5F/ /T0J9THbd5f2/ /wYEInbaN/ # Reference: https://twitter.com/Cryptolaemus1/status/1543871251545853953 duinrand-s.nl/Nieuws/S9Y8DumfrBU1r5unO/ emett.com/images/kk2l4zoRKwv2vIEK/ f5ajans.com/merthel/vvWRK/KVVGB6o7SPoorfaI/ galileuconcursos.com.br/wp-admin/Pt8VGg/ /images/kk2l4zoRKwv2vIEK/ /Nieuws/S9Y8DumfrBU1r5unO/ /vvWRK/KVVGB6o7SPoorfaI/ /wp-admin/Pt8VGg/ /kk2l4zoRKwv2vIEK/ /KVVGB6o7SPoorfaI/ /Pt8VGg/ /S9Y8DumfrBU1r5unO/ # Reference: https://twitter.com/Cryptolaemus1/status/1543973874282512389 corpuslender.com/wp-content/3lfRabuJe3/ curite.net/cgi-bin/MVlEWg5erc/ digital21.cl/genchile/Pp1LDfwHR0IJPWHpq3R/ enamsg.com/components/nLRKIxof/ ewingconsulting.com/wp-includes/1sqrshC/ fontecmobile.com/pk/jINs/ llev.com.br/app/W2ehSSGWXTBpOf/ nellydwiputri.co.id/images/lZfuoNe2vyr/ /wp-includes/1sqrshC/ /app/W2ehSSGWXTBpOf/ /images/lZfuoNe2vyr/ /cgi-bin/MVlEWg5erc/ /components/nLRKIxof/ /genchile/Pp1LDfwHR0IJPWHpq3R/ /wp-content/3lfRabuJe3/ /1sqrshC/ /3lfRabuJe3/ /lZfuoNe2vyr/ /MVlEWg5erc/ /nLRKIxof/ /Pp1LDfwHR0IJPWHpq3R/ /W2ehSSGWXTBpOf/ # Reference: https://twitter.com/Cryptolaemus1/status/1544034699441344512 c-frk.jp/__HPB_Recycled/9wPduLjbQrj/ escueladecinemza.com.ar/administrator/AJQZvkcY/ parsmemoryesfahan.ir/catalog/89gPqWk5KjFDw/ /__HPB_Recycled/9wPduLjbQrj/ /administrator/AJQZvkcY/ /catalog/89gPqWk5KjFDw/ /89gPqWk5KjFDw/ /9wPduLjbQrj/ /AJQZvkcY/ # Reference: https://twitter.com/Cryptolaemus1/status/1544029804558659584 fisika.mipa.uns.ac.id/reseller/img/g6D4XXu84leSua6/ /img/g6D4XXu84leSua6/ /g6D4XXu84leSua6/ # Reference: https://twitter.com/Cryptolaemus1/status/1544029803594289152 artefatocultural.org.br/site/4Qyaea/ chaledooleo.com.br/headers/EqWziqtP7sHX/ ybp.rpmediateam.com/wp-includes/ONohM1EIMw6UBFVCBWD/ /headers/EqWziqtP7sHX/ /site/4Qyaea/ /wp-includes/ONohM1EIMw6UBFVCBWD/ /4Qyaea/ /EqWziqtP7sHX/ /ONohM1EIMw6UBFVCBWD/ # Reference: https://twitter.com/Cryptolaemus1/status/1544219993138597888 akdalarabic.com/cgi-bin/WQ0nRFFi3/ aseguradosaldia.com/wp-content/5xLOG2xKBT20s8e6Fs1/ chillpassion.com/wp-content/Qcl3YY1jmc/akdalarabic.com/cgi-bin/WQ0nRFFi3/ clinicaportalpsicologia.com.br/wp-content/rknwta6Ncgt9xnXu7S/ fundaciontheoz.cl/pensamientooccidental/tilKftYVgHoCu4pp/ greenlizard.co.za/amanah/HJErj/ weboculta.com/css/4teU8698559ttLN/ wp.eryaz.net/bayar1/gQ3C8aNR9773v0sWR/ yakosurf.com/wp-includes/n6ZMo/ zarzamora.com.mx/cgi-bin/bg7Q06nqt3DJRvH0/ zhivir.com/wp/g1bvvKyM/ /amanah/HJErj/ /bayar1/gQ3C8aNR9773v0sWR/ /cgi-bin/WQ0nRFFi3/ /cgi-bin/bg7Q06nqt3DJRvH0/ /css/4teU8698559ttLN/ /pensamientooccidental/tilKftYVgHoCu4pp/ /wp-content/5xLOG2xKBT20s8e6Fs1/ /wp-content/Qcl3YY1jmc/ /wp-content/rknwta6Ncgt9xnXu7S/ /wp-includes/n6ZMo/ /wp/g1bvvKyM/ /4teU8698559ttLN/ /5xLOG2xKBT20s8e6Fs1/ /Qcl3YY1jmc/ /WQ0nRFFi3/ /bg7Q06nqt3DJRvH0/ /g1bvvKyM/ /gQ3C8aNR9773v0sWR/ /rknwta6Ncgt9xnXu7S/ /tilKftYVgHoCu4pp/ # Reference: https://twitter.com/Artilllerie/status/1544315100504399872 174.138.33.49:7080 178.238.225.252:8080 # Reference: https://twitter.com/Cryptolaemus1/status/1544369950454075392 aacl.co.in/images/zZMVn05EJDpTcQ/ balibuli.hu/galeria/ArPQKNsnvuW/ baykusoglu.com.tr/wp-admin/0o7/ induvit.tlaxcala.gob.mx/components/CFZUmiQTd367H4nH/ /components/CFZUmiQTd367H4nH/ /galeria/ArPQKNsnvuW/ /images/zZMVn05EJDpTcQ/ /ArPQKNsnvuW/ /CFZUmiQTd367H4nH/ /zZMVn05EJDpTcQ/ # Reference: https://twitter.com/Cryptolaemus1/status/1544519709734817797 airhobi.com/system/4Z6puOENN1DH2HYMzKLz/ charliecaper.com/wp-includes/Q8IU0ksWg0/ che-fare.com/che-fare-media/rPI4ln2WQ7IyznRle/ empresaweb.com.br/bootstrap/ZDuT5jT0N35ssN/ ftp.yourbankruptcypartner.com/wp-content/HjSaWCEgzhi6CZS/ greycoconut.com/edm/X9xZ/ harleyqueretaro.com/renew2019/Back2016-12-22/cv/data/mFTZ50JsmKq/ napolni.me/3r/ILq7TqCUS/ pccurico.cl/wp-admin/9XR3XWZGidfKVYYzW/ sigratech.de/career/sRpMMHief7H/ vietroll.vn/wp-content/fMgN4vYD1/ webbandi.hu/image/Ifm98UCtROXr/ yudaisuzuki.jp/150911pre/nsA8XrN93S/ zonainformatica.es/aspnet_client/n0ULlfoAHHQh9tagckL/ zspwolawiazowa.pl/images/Qb86rcUXgBHhg/ /150911pre/nsA8XrN93S/ /3r/ILq7TqCUS/ /aspnet_client/n0ULlfoAHHQh9tagckL/ /bootstrap/ZDuT5jT0N35ssN/ /career/sRpMMHief7H/ /che-fare-media/rPI4ln2WQ7IyznRle/ /data/mFTZ50JsmKq/ /image/Ifm98UCtROXr/ /images/Qb86rcUXgBHhg/ /system/4Z6puOENN1DH2HYMzKLz/ /wp-admin/9XR3XWZGidfKVYYzW/ /wp-content/HjSaWCEgzhi6CZS/ /wp-content/fMgN4vYD1/ /wp-includes/Q8IU0ksWg0/ /4Z6puOENN1DH2HYMzKLz/ /9XR3XWZGidfKVYYzW/ /HjSaWCEgzhi6CZS/ /ILq7TqCUS/ /Ifm98UCtROXr/ /Q8IU0ksWg0/ /Qb86rcUXgBHhg/ /ZDuT5jT0N35ssN/ /fMgN4vYD1/ /mFTZ50JsmKq/ /n0ULlfoAHHQh9tagckL/ /nsA8XrN93S/ /rPI4ln2WQ7IyznRle/ /sRpMMHief7H/ # Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-07-05%20Emotet%20(E4)%20IOCs 144.202.108.116:8080 147.139.166.154:8080 164.90.222.65:443 # Reference: https://twitter.com/Cryptolaemus1/status/1544594929023799296 gedebey-tvradio.info/wp-includes/nOmdPyUpDB/ haircutbar.com/cgi-bin/SpJT9OKPmUpJfkGqv/ /cgi-bin/SpJT9OKPmUpJfkGqv/ /wp-includes/nOmdPyUpDB/ /nOmdPyUpDB/ /SpJT9OKPmUpJfkGqv/ # Reference: https://twitter.com/Cryptolaemus1/status/1544599503281729536 atici.net/c/MgEC/ atperson.com/campusvirtual/3aAaeSKPaURF/ buffetmazzi.com.br/ckfinder/i/ /campusvirtual/3aAaeSKPaURF/ /3aAaeSKPaURF/ # Reference: https://twitter.com/Cryptolaemus1/status/1544584763679260673 chadhymas.com/wp-admin/ZuFQrj/ cointrade.world/receipts/Sa6fYJpecEVqiRf05/ francite.net/images/XI7zS0X1nY/ /images/XI7zS0X1nY/ /receipts/Sa6fYJpecEVqiRf05/ /Sa6fYJpecEVqiRf05/ /wp-admin/ZuFQrj/ /XI7zS0X1nY/ /ZuFQrj/ # Reference: https://www.virustotal.com/gui/file/009691eac43a379cfb16af76765628fa7b5edd661f15269473810499069e0703/detection http://64.183.73.122 agapewilderness.com/wordpress/cj5O/ getmodels.net/sys-cache/po/ ruskinc.com/7k2ql/zmIt/ /7k2ql/zmIt/ /wordpress/cj5O/ /Xn5TSZr/1A0oodd0Rd0/ /1A0oodd0Rd0/ /Xn5TSZr/ # Reference: https://twitter.com/Cryptolaemus1/status/1544725228286541824 aysbody.com/catalog/Oax5/ dawtona.dev.goldensystem.pl/wp-admin/EX05554XhKk3ee2cQ/ garantihaliyikama.com/wp-admin/QVvdNIasGj/ yoymanajemen.id/wp-content/khXBxIm5/ /catalog/Oax5/ /wp-admin/EX05554XhKk3ee2cQ/ /wp-admin/QVvdNIasGj/ /wp-content/khXBxIm5/ /EX05554XhKk3ee2cQ/ /khXBxIm5/ /QVvdNIasGj/ # Reference: https://twitter.com/Cryptolaemus1/status/1544831851566895104 agtrade.hu/images/kiQYmOs2tSKq/ daxberger.at/stats/NfxCfPkIhjZqEvLMN2Ul/ dazzlecollections.co.za/THDXpHbk3YwA/HTolLw1ams3x/ dirigent.co.uk/vardagsekonomi/iC36jJ4J1cf/ earthmach.co.za/libraries/tWkZh9YrXbTd6IeX/ edoraseguros.com.br/cgi-bin/jQNq9wlH1GXU/ finvest.rs/wp-admin/Hr9nVNTIHgw59S/ k-s-j.jp/contact/r3a9keM/ kentandcowines.com.au/wp-content/nkz1FRU9Y5i/L/ sunflowerlaboratory.in/fonts/79Tq62ly/ zachboyle.com/wp-admin/EA470ZrTGNkuA/ /cgi-bin/jQNq9wlH1GXU/ /contact/r3a9keM/ /fonts/79Tq62ly/ /images/kiQYmOs2tSKq/ /libraries/tWkZh9YrXbTd6IeX/ /stats/NfxCfPkIhjZqEvLMN2Ul/ /THDXpHbk3YwA/HTolLw1ams3x/ /vardagsekonomi/iC36jJ4J1cf/ /wp-admin/EA470ZrTGNkuA/ /wp-admin/Hr9nVNTIHgw59S/ /wp-content/nkz1FRU9Y5i/ /79Tq62ly/ /EA470ZrTGNkuA/ /HTolLw1ams3x/ /Hr9nVNTIHgw59S/ /NfxCfPkIhjZqEvLMN2Ul/ /THDXpHbk3YwA/ /iC36jJ4J1cf/ /jQNq9wlH1GXU/ /kiQYmOs2tSKq/ /nkz1FRU9Y5i/ /r3a9keM/ /tWkZh9YrXbTd6IeX/ # Reference: https://twitter.com/Cryptolaemus1/status/1544963991843180544 akuntansi.itny.ac.id/asset/H10R0aWYC/ corpuslender.com/wp-content/jb4hyj9Ufawl/ curite.net/cgi-bin/SJ2LI/ enamsg.com/components/juTBPJ0Jr6FMh5AuDf/ /asset/H10R0aWYC/ /cgi-bin/SJ2LI/ /components/juTBPJ0Jr6FMh5AuDf/ /wp-content/jb4hyj9Ufawl/ /H10R0aWYC/ /jb4hyj9Ufawl/ /juTBPJ0Jr6FMh5AuDf/ # Reference: https://twitter.com/Cryptolaemus1/status/1545087568328286208 alsafwa.com.ly/webcal/E3Yx9UarfMuz6sk/ bpsjambi.id/about/5dDtahY1ewj/ frascona.com.ar/assets/xobbA5VJIi/ galileuconcursos.com.br/wp-admin/iF9x/ /about/5dDtahY1ewj/ /assets/xobbA5VJIi/ /webcal/E3Yx9UarfMuz6sk/ /wp-admin/iF9x/ /5dDtahY1ewj/ /E3Yx9UarfMuz6sk/ /xobbA5VJIi/ # Reference: https://twitter.com/kienbigmummy/status/1545258351696965632 yell.ge/nav_logo/cvLMav68/ /nav_logo/cvLMav68/ /cvLMav68/ # Reference: https://twitter.com/Cryptolaemus1/status/1545402191992979457 akdalarabic.com/cgi-bin/NxYwE8FyaIw3Kgile/ armannahalpersian.ir/armannahalpersian/byxUd7hAO2/ borntobefree.org.za/kQLk1lMTa79K4xwgJ5g/ZMmtgsoZk9ng1S6V/ corpandina.com.pe/js/9dwcb1g2Vqh3Owz/ disweb.sk/lfHCegwZndgMs/KFfG/ fikti.bem.gunadarma.ac.id/SDM/xDYmcOngg/ greenlizard.co.za/amanah/FnrTI/ wp.eryaz.net/bayar1/7sa9BpCVdDRcrMWiROv3/ xebabanhchohang.vn/wp-content/sux8Bfyu/ yakosurf.com/wp-includes/y9jgKE7f1wMM/ /amanah/FnrTI/ /armannahalpersian/byxUd7hAO2/ /bayar1/7sa9BpCVdDRcrMWiROv3/ /cgi-bin/NxYwE8FyaIw3Kgile/ /js/9dwcb1g2Vqh3Owz/ /kQLk1lMTa79K4xwgJ5g/ZMmtgsoZk9ng1S6V/ /lfHCegwZndgMs/KFfG/ /SDM/xDYmcOngg/ /wp-content/sux8Bfyu/ /wp-includes/y9jgKE7f1wMM/ /7sa9BpCVdDRcrMWiROv3/ /9dwcb1g2Vqh3Owz/ /byxUd7hAO2/ /kQLk1lMTa79K4xwgJ5g/ /lfHCegwZndgMs/ /NxYwE8FyaIw3Kgile/ /sux8Bfyu/ /xDYmcOngg/ /y9jgKE7f1wMM/ /ZMmtgsoZk9ng1S6V/ # Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-07-06%20Emotet%20(E4)%20IOCs birebiregitim.net/wp-includes/f/ # Reference: https://twitter.com/Cryptolaemus1/status/1546404448150294528 airhobi.com/system/WLvH1ygkOYQO/ cointrade.world/receipts/0LjXVwpQrhw/ garantihaliyikama.com/wp-admin/jp64lssPHEe2ii/ haircutbar.com/cgi-bin/BC3WAQ8zJY4ALXA4/ /cgi-bin/BC3WAQ8zJY4ALXA4/ /receipts/0LjXVwpQrhw/ /system/WLvH1ygkOYQO/ /wp-admin/jp64lssPHEe2ii/ /0LjXVwpQrhw/ /BC3WAQ8zJY4ALXA4/ /jp64lssPHEe2ii/ /WLvH1ygkOYQO/ # Reference: https://twitter.com/Cryptolaemus1/status/1546596325856518144 3dstudioa.com.br/files/1ubPAB/ boardmart.co.za/images/DvMHPbTLn/ ebuysa.co.za/yt-assets/yZ30/ fikti.bem.gunadarma.ac.id/SDM/YH8OJ1Zz8miBX/ /files/1ubPAB/ /images/DvMHPbTLn/ /SDM/YH8OJ1Zz8miBX/ /yt-assets/yZ30/ /1ubPAB/ /DvMHPbTLn/ /YH8OJ1Zz8miBX/ # Reference: https://twitter.com/Cryptolaemus1/status/1546752209991262208 earthmach.co.za/libraries/K8Lnj5/ fashionbyprincessmelodicaah.com/4185PINT/79YtAbiNx92iI/ pccurico.cl/wp-admin/x3kyR3u8ARXStL7/ /4185PINT/79YtAbiNx92iI/ /libraries/K8Lnj5/ /wp-admin/x3kyR3u8ARXStL7/ /4185PINT/ /79YtAbiNx92iI/ /K8Lnj5/ /x3kyR3u8ARXStL7/ # Reference: https://twitter.com/Cryptolaemus1/status/1546755144528035841 aysbody.com/catalog/fKIbKAcI81pVn/ /catalog/fKIbKAcI81pVn/ /fKIbKAcI81pVn/ # Reference: https://twitter.com/Cryptolaemus1/status/1546943790195556352 akuntansi.itny.ac.id/asset/NH7qwRrn81Taa0VVqpx/ bpsjambi.id/about/CcN5IbuInPQ/ greenlizard.co.za/amanah/pu8xeUOpqqq/ /about/CcN5IbuInPQ/ /amanah/pu8xeUOpqqq/ /asset/NH7qwRrn81Taa0VVqpx/ /CcN5IbuInPQ/ /NH7qwRrn81Taa0VVqpx/ /pu8xeUOpqqq/ # Reference:https://www.virustotal.com/gui/file/00dab001a273bc60b9ee7e2e20716f7559d42baf8c8e9a8e519df73a25794f61/detection colfincas.com/tmp/FvyLs/ contentunion.net/newwebsite/UXkkk/ contrid.com/6vwkQmRU/ cordclipsorganizer.com/cable-holder-2e/a/ ctfilms.com/ks/2ygJuGV0/ dahiaka.com/DND/JuBlOiT8Ixj/ /DND/JuBlOiT8Ixj/ /ks/2ygJuGV0/ /newwebsite/UXkkk/ /2ygJuGV0/ /6vwkQmRU/ /JuBlOiT8Ixj/ # Reference: https://twitter.com/Cryptolaemus1/status/1547124358266896385 atici.net/c/JDFDBMIz/ atperson.com/campusvirtual/EOgFGo17w/ domesticuif.co.za/libraries/nbnH9dpd/ eliteturismo.com/phpmailer-old/dafdBxQONtk5Uf9dxll/ /c/JDFDBMIz/ /campusvirtual/EOgFGo17w/ /libraries/nbnH9dpd/ /phpmailer-old/dafdBxQONtk5Uf9dxll/ /dafdBxQONtk5Uf9dxll/ /EOgFGo17w/ /JDFDBMIz/ /nbnH9dpd/ # Reference: https://twitter.com/Cryptolaemus1/status/1547293715768963072 atici.net/c/JDFDBMIz/ atperson.com/campusvirtual/EOgFGo17w/ balletmagazine.ro/wp-content/9VrMPV/ domesticuif.co.za/libraries/nbnH9dpd/ eliteturismo.com/phpmailer-old/dafdBxQONtk5Uf9dxll/ fisika.mipa.uns.ac.id/reseller/img/nRAvAgoY8Y/ greycoconut.com/edm/71qUA/ zonainformatica.es/tienda/XCHJmidSYTkE/ /c/JDFDBMIz/ /campusvirtual/EOgFGo17w/ /edm/71qUA/ /libraries/nbnH9dpd/ /phpmailer-old/dafdBxQONtk5Uf9dxll/ /reseller/img/nRAvAgoY8Y/ /tienda/XCHJmidSYTkE/ /wp-content/9VrMPV/ /9VrMPV/ /EOgFGo17w/ /JDFDBMIz/ /XCHJmidSYTkE/ /dafdBxQONtk5Uf9dxll/ /nRAvAgoY8Y/ /nbnH9dpd/ # Reference: https://www.virustotal.com/gui/file/17cd84a5e5246dfbd4c94417ade88d4a58426b5926689d3135309191a181b059/detection 186.144.64.31:53 187.163.222.244:465 222.214.218.136:4143 # Generic trails /ringin/ /meecpy20181/ /s_w6_h2gc/ /o_wle6_cyuobdkxwm/ /3vzc_oj94_q3v42ns4nb/ /4ots_c9x_ty/ /cx8yyu/ /ofoJX/ /vXl0kcy/ /56mt6s8/SiP/ /db9my/2yh3wsv3w8/ /dovij7lgjd/ /info/Qmy4/ /otul6pg/eyhG/ /twitter-api/a_fx/ /private/hWJAF4yBv7/ /wordpress/VKj/ /wordpress_e/xh/ /wp-admin/7mRmsM/ /wp-admin/AYO/ /wp-admin/nBJ/ /wp-content/AKgD/ /wp-content/Ds_G/ /wp-content/ehiZ/ /wp-content/o_qO/ /wp-content/ZhG/